General
-
Target
551f32210e27aa3fa3ea6acb4c8cf8f393c632fc14054ed0eb7046436c8f39f6
-
Size
624KB
-
Sample
230604-ttzttsdc7z
-
MD5
40cb9a378e2638bba65113098f64b083
-
SHA1
d0061cc3b0f7a0cee92af9b3ecfb63dda16a44cd
-
SHA256
551f32210e27aa3fa3ea6acb4c8cf8f393c632fc14054ed0eb7046436c8f39f6
-
SHA512
89cb7b74123bb7724eefaecb2ad2bc27e5bf6461e641893437921b2ee0221b2cb988e979465ae996f35d23cb7e0060aacc9ed38bd270abc780408bcd7d8ee25a
-
SSDEEP
12288:FMrfy903YyB34mS8jcAEjdrAGzUjfM6vT8kNK/pg+mQgG8Iz+sLZLv4O:SyuYw+8jcAcdr4xvFAxg+9gGzLZLQO
Static task
static1
Behavioral task
behavioral1
Sample
551f32210e27aa3fa3ea6acb4c8cf8f393c632fc14054ed0eb7046436c8f39f6.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
dusa
83.97.73.126:19046
-
auth_value
ee896466545fedf9de5406175fb82de5
Extracted
redline
brain
83.97.73.126:19046
-
auth_value
5fb8269baadec0c49899b9a7a0c8851f
Targets
-
-
Target
551f32210e27aa3fa3ea6acb4c8cf8f393c632fc14054ed0eb7046436c8f39f6
-
Size
624KB
-
MD5
40cb9a378e2638bba65113098f64b083
-
SHA1
d0061cc3b0f7a0cee92af9b3ecfb63dda16a44cd
-
SHA256
551f32210e27aa3fa3ea6acb4c8cf8f393c632fc14054ed0eb7046436c8f39f6
-
SHA512
89cb7b74123bb7724eefaecb2ad2bc27e5bf6461e641893437921b2ee0221b2cb988e979465ae996f35d23cb7e0060aacc9ed38bd270abc780408bcd7d8ee25a
-
SSDEEP
12288:FMrfy903YyB34mS8jcAEjdrAGzUjfM6vT8kNK/pg+mQgG8Iz+sLZLv4O:SyuYw+8jcAcdr4xvFAxg+9gGzLZLQO
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-