General
Target: 8b41e782f8bef667f17918ab30d448860d4febfba733c4245da06a2ad7ebcaab
Size: 625KB
Sample: 230604-stl3asce73
MD5: de5f57c90f922dafa8d9ba4c53dc2e86
SHA1: c3f50b4e9e9fc7cebed5b97d802e21dca915aa9a
SHA256: 8b41e782f8bef667f17918ab30d448860d4febfba733c4245da06a2ad7ebcaab
SHA512: 8e0ddc14485303054da0505d3adf37ca645fc0cd22d4d8f645ebb9581354b6b85dc27664daaf9806e2ecd78fb234abbfc2c7da4581806744124f6479fb637438
SSDEEP: 12288:gMr9y90E7hOpTLvoW/1mFqFBKeZ/SEJ1r867gj5WIuW9rpE:tyj7hGNtmFqFQeff0NWId+
Static task: static1
Behavioral task: behavioral1
Sample: 8b41e782f8bef667f17918ab30d448860d4febfba733c4245da06a2ad7ebcaab.exe
Resource: win10-20230220-en
Malware Config
Extracted: redline
dusa
83.97.73.126:19046
auth_value: ee896466545fedf9de5406175fb82de5
Extracted: redline
brain
83.97.73.126:19046
auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets
Target: 8b41e782f8bef667f17918ab30d448860d4febfba733c4245da06a2ad7ebcaab
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext