General
-
Target
bf8f78133837742c9f5e5c8e9241407bd5967efd7f240f39fd76df7b5fb28298
-
Size
625KB
-
Sample
230604-sx3jfsdb9v
-
MD5
1ce3e3f9af492e8cbac19c547d25e60c
-
SHA1
358f4429d811bde1da6023bd388a808edfc62515
-
SHA256
bf8f78133837742c9f5e5c8e9241407bd5967efd7f240f39fd76df7b5fb28298
-
SHA512
d30d1861c93d13f87d6b908b7555771546e47710145b344e162a2ea27175517df6bf84b7286244ed66ace98642fe238e4b73e91a4e19524c97b71c7da34315f8
-
SSDEEP
12288:SMrzy90GWXTinU3afuGKf9CuTHPHSS4DgnuFgnQCP8QaEbuNHNL5Wi/1Z:ZyFWDU/fzW17H1uuPqE4NlP1Z
Static task
static1
Behavioral task
behavioral1
Sample
bf8f78133837742c9f5e5c8e9241407bd5967efd7f240f39fd76df7b5fb28298.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-