General
-
Target
ebac8ddddae16cb5d321ff1cb8a980e0c545fa43a561ba206cac0875804f9b3f
-
Size
625KB
-
Sample
230604-tr34gadc7x
-
MD5
ee5b200ce63b73531d59cddf5d68431e
-
SHA1
ddaa673bbc82d50f0b77820c7845016208f8b024
-
SHA256
ebac8ddddae16cb5d321ff1cb8a980e0c545fa43a561ba206cac0875804f9b3f
-
SHA512
a466cf3e625717d30050a06fc2151e7abe3d48496cf08f3f727583850f9ae90331c8f92cd13f2c532386cf1bbc1da990ef48d00d0901f94e60ba7e60c17d3b52
-
SSDEEP
12288:EMr6y90NRZB7sOuRtbqP+tTOWZVTx/rTgi5t9BU6d/UhYs1B9GS:OyeRnkRJi+Fxx/nJJBU6dUjvj
Static task
static1
Behavioral task
behavioral1
Sample
ebac8ddddae16cb5d321ff1cb8a980e0c545fa43a561ba206cac0875804f9b3f.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
ebac8ddddae16cb5d321ff1cb8a980e0c545fa43a561ba206cac0875804f9b3f
-
Size
625KB
-
MD5
ee5b200ce63b73531d59cddf5d68431e
-
SHA1
ddaa673bbc82d50f0b77820c7845016208f8b024
-
SHA256
ebac8ddddae16cb5d321ff1cb8a980e0c545fa43a561ba206cac0875804f9b3f
-
SHA512
a466cf3e625717d30050a06fc2151e7abe3d48496cf08f3f727583850f9ae90331c8f92cd13f2c532386cf1bbc1da990ef48d00d0901f94e60ba7e60c17d3b52
-
SSDEEP
12288:EMr6y90NRZB7sOuRtbqP+tTOWZVTx/rTgi5t9BU6d/UhYs1B9GS:OyeRnkRJi+Fxx/nJJBU6dUjvj
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-