General
-
Target
55d8ac5c70ce9c9870ada10c033ffb630f70b53407d1a786ab1e529becee2967
-
Size
723KB
-
Sample
230606-1d7casfg53
-
MD5
a412cd19a656ed6d2e8350401a4915d8
-
SHA1
177889cddf795c23362ddac7835853dd88248d58
-
SHA256
55d8ac5c70ce9c9870ada10c033ffb630f70b53407d1a786ab1e529becee2967
-
SHA512
332d493a759ea429ee660ac5a0529e0df48a4166a08a1084564a70579b44f0f450c1cbcd1a5676c6e007a29d7e527a44369ff80b8659df4fc94c298c33c312cf
-
SSDEEP
12288:vMrfy90o4C+v001z3XZP43lqVSmc3UmMVDpFU/d24WJl5ZEG7F/BCKQt3Zdds0Aq:MyadvHz3XZA3I5HFAd2D/ZHFNQt3Zdd1
Static task
static1
Behavioral task
behavioral1
Sample
55d8ac5c70ce9c9870ada10c033ffb630f70b53407d1a786ab1e529becee2967.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
55d8ac5c70ce9c9870ada10c033ffb630f70b53407d1a786ab1e529becee2967
-
Size
723KB
-
MD5
a412cd19a656ed6d2e8350401a4915d8
-
SHA1
177889cddf795c23362ddac7835853dd88248d58
-
SHA256
55d8ac5c70ce9c9870ada10c033ffb630f70b53407d1a786ab1e529becee2967
-
SHA512
332d493a759ea429ee660ac5a0529e0df48a4166a08a1084564a70579b44f0f450c1cbcd1a5676c6e007a29d7e527a44369ff80b8659df4fc94c298c33c312cf
-
SSDEEP
12288:vMrfy90o4C+v001z3XZP43lqVSmc3UmMVDpFU/d24WJl5ZEG7F/BCKQt3Zdds0Aq:MyadvHz3XZA3I5HFAd2D/ZHFNQt3Zdd1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-