General

Target: 292bde85432b7ff6c91316ac5f7041e95141d22ff96917108354fdf341bb3b94
Size: 625KB
Sample: 230604-sv7qdsce75
MD5: ccbeb7b8e53fe3a181708c62883c65b7
SHA1: 57f6b7404a4665b31bae2927f27dc2e652421756
SHA256: 292bde85432b7ff6c91316ac5f7041e95141d22ff96917108354fdf341bb3b94
SHA512: 152451e8a81f2c6c27fc584c3c648659cb2b6ab1808dd9b3154c53b3f585bb18f7101d1aad114dea908e4e84c51bc18883589925c7b27681fe326a4d0c461ea6
SSDEEP: 12288:6Mr0y90vXToQF18E67Nf97y2yEU/Qqyy0FqmwJ/uOkUHRvqmFNgF1lJT1fr:my8su1UvVyEixmItteUFCRJTd
Static task: static1
Behavioral task: behavioral1
Sample: 292bde85432b7ff6c91316ac5f7041e95141d22ff96917108354fdf341bb3b94.exe
Resource: win10v2004-20230220-en
Malware Config

Two RedLine configurations were extracted from the sample. They carry different botnet IDs and auth values but point at the same C2 endpoint, so a single network indicator (83.97.73.126 TCP/19046) covers both.

Extracted: redline
Botnet: dusa
C2: 83.97.73.126:19046
auth_value: ee896466545fedf9de5406175fb82de5

Extracted: redline
Botnet: brain
C2: 83.97.73.126:19046
auth_value: 5fb8269baadec0c49899b9a7a0c8851f
Targets

Target: 292bde85432b7ff6c91316ac5f7041e95141d22ff96917108354fdf341bb3b94 (the submitted sample; size and hashes as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as malware-as-a-service and harvests saved browser credentials, cookies, cryptocurrency wallets and host information, which it uploads to the C2 in the extracted config.
Checks computer location settings: Looks up the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation), likely a geofence so the stealer does not run in excluded countries.
Executes dropped EXE: A file written to disk by the sample was launched as a new process.
Loads dropped DLL: A DLL written to disk by the sample was loaded into a process.
Accesses cryptocurrency files/wallets, possible credential harvesting: Wallet files or directories were read, consistent with RedLine's wallet-theft module.
Adds Run key to start application: Persistence via a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
Checks installed software on the system: Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate installed software.
Suspicious use of SetThreadContext: A thread's context was rewritten in another process, which is the mechanism behind process hollowing and thread hijacking. Together with "Executes dropped EXE", this is consistent with a loader that starts a child process suspended and runs the stealer payload inside it.
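As an added example that is not part of the sandbox report, the script below turns the report's indicators into a hunt over Sysmon-style process, network and registry events. The C2 address and port and the file hashes are the report's; the event lines are constructed for the demo, their newline-delimited JSON layout is an assumed simplification of a Sysmon export (field names follow Sysmon), the process names invoice.exe and update.exe and the PIDs are made up, and the Run-key registry path is general Windows knowledge rather than something the report states.

```python
"""Hunt for this report's RedLine indicators in Sysmon-style events.

Added example, not code from the sandbox report or from RedLine itself.
The C2 (83.97.73.126:19046) and the file hashes are taken from the report;
the events below are constructed, and their JSON layout is an assumed
simplification of a Sysmon export (field names follow Sysmon).
"""
import json
import re
from collections import defaultdict

# Indicators from the report.
C2_IP, C2_PORT = "83.97.73.126", 19046
SAMPLE_HASHES = {
    "md5": "ccbeb7b8e53fe3a181708c62883c65b7",
    "sha1": "57f6b7404a4665b31bae2927f27dc2e652421756",
    "sha256": "292bde85432b7ff6c91316ac5f7041e95141d22ff96917108354fdf341bb3b94",
}
# Autorun persistence path behind the "Adds Run key" signature (general
# Windows knowledge, not stated in the report). Matches Run and RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed newline-delimited JSON events. Process names and PIDs are made
# up; the hashes on PID 4120 are the report's, the one on 4388 is a dummy.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\u\\Desktop\\invoice.exe", "Hashes": "MD5=CCBEB7B8E53FE3A181708C62883C65B7,SHA256=292BDE85432B7FF6C91316AC5F7041E95141D22FF96917108354FDF341BB3B94"}
{"EventID": 1, "ProcessId": 4388, "ParentProcessId": 4120, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe", "Hashes": "MD5=00000000000000000000000000000000"}
{"EventID": 13, "ProcessId": 4388, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update", "Details": "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 3, "ProcessId": 4120, "DestinationIp": "83.97.73.126", "DestinationPort": 19046}
{"EventID": 3, "ProcessId": 912, "DestinationIp": "203.0.113.10", "DestinationPort": 443}
{"EventID": 13, "ProcessId": 2200, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent", "Details": "C:\\Program Files\\Vendor\\agent.exe"}
""".strip()


def parse_hashes(field):
    """Parse Sysmon's 'MD5=..,SHA256=..' Hashes string into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def check_event(ev):
    """Return a list of (severity, reason) findings for one event, [] if clean."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process create: any of the report's hashes is a certain match
        seen = parse_hashes(ev.get("Hashes", ""))
        matched = [a for a, v in SAMPLE_HASHES.items() if seen.get(a) == v]
        if matched:
            hits.append(("high", "image hash matches report sample (%s)" % ",".join(matched)))
    elif eid == 3:  # network connection to the extracted C2
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(("high", "connection to RedLine C2 %s:%d" % (C2_IP, C2_PORT)))
    elif eid == 13:  # registry value set: a Run-key write is only medium on its own
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append(("medium", "Run key value written: " + target))
    return hits


def scan(log_text):
    """Return ({pid: [findings]}, {child_pid: parent_pid}) for the event stream."""
    findings, parent = defaultdict(list), {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid = ev.get("ProcessId")
        if ev.get("EventID") == 1 and "ParentProcessId" in ev:
            parent[pid] = ev["ParentProcessId"]
        hits = check_event(ev)
        if hits:
            findings[pid].extend(hits)
    return dict(findings), parent


def triage(log_text):
    """Flag processes with a high finding, then pull in their descendants that
    produced any finding at all (the dropped EXE writing its Run key). A lone
    Run-key write from an unrelated process stays at medium and is not flagged."""
    findings, parent = scan(log_text)
    flagged = {pid for pid, fs in findings.items() if any(sev == "high" for sev, _ in fs)}
    changed = True
    while changed:  # propagate down the process tree until stable
        changed = False
        for pid in findings:
            if pid not in flagged and parent.get(pid) in flagged:
                flagged.add(pid)
                changed = True
    return flagged, findings


if __name__ == "__main__":
    flagged, findings = triage(SAMPLE_LOG)
    for pid in sorted(flagged):
        for sev, reason in findings[pid]:
            print("pid %d [%s] %s" % (pid, sev, reason))
```

Two caveats when carrying the report's signatures into real telemetry: Sysmon records registry writes (EID 12/13) but not registry reads, so the "Checks computer location settings" and "Checks installed software" signatures (both registry queries) have no counterpart in this data, and neither does SetThreadContext; those come from the sandbox's API monitoring and need EDR-level telemetry to reproduce. The hash match is exact but brittle, since a repacked loader changes every hash while the C2 in the two configs stays the same, so the network indicator is the more durable of the two.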