General
-
Target
c4e6f6488d843e83d1428812640d71dac94cb0fd68a3ac599c828703fda7c409
-
Size
625KB
-
Sample
230604-sptxcace65
-
MD5
1d13bf612239598d4e77b17d2a39df9f
-
SHA1
ee3f54f5aed0649aa4471a349e51a717a222b702
-
SHA256
c4e6f6488d843e83d1428812640d71dac94cb0fd68a3ac599c828703fda7c409
-
SHA512
9827869e05b2a42ab8d5b14a018cf6c48d586a560c67288e8ef4525874459e908f7ddfdba0b6e9e965f2d0128786b3bbd453e6aa32d74a00b2950b3e98c47c4d
-
SSDEEP
12288:4MrHy90LmTkizZKNQTCKVnCCBY0qqJVXNHgYKQ/9ihc8VzXtLaTl2ad:vytTkmZKNQUIgJwih3zXtGl2m
Static task
static1
Behavioral task
behavioral1
Sample
c4e6f6488d843e83d1428812640d71dac94cb0fd68a3ac599c828703fda7c409.exe
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
c4e6f6488d843e83d1428812640d71dac94cb0fd68a3ac599c828703fda7c409
-
Size
625KB
-
MD5
1d13bf612239598d4e77b17d2a39df9f
-
SHA1
ee3f54f5aed0649aa4471a349e51a717a222b702
-
SHA256
c4e6f6488d843e83d1428812640d71dac94cb0fd68a3ac599c828703fda7c409
-
SHA512
9827869e05b2a42ab8d5b14a018cf6c48d586a560c67288e8ef4525874459e908f7ddfdba0b6e9e965f2d0128786b3bbd453e6aa32d74a00b2950b3e98c47c4d
-
SSDEEP
12288:4MrHy90LmTkizZKNQTCKVnCCBY0qqJVXNHgYKQ/9ihc8VzXtLaTl2ad:vytTkmZKNQUIgJwih3zXtGl2m
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-