General
Target: 78789c5aaf0343c131fc0a3e0c0c411c3633cffbd4f6cfb9928e195cec459eb5
Size: 724KB
Sample: 230606-1t9glagd7x
MD5: 0cef1c29a3bbdaf67d2b3655fbc7f8b5
SHA1: 2efe7f99da24978bd0cd445ee46e21a1ec710bc7
SHA256: 78789c5aaf0343c131fc0a3e0c0c411c3633cffbd4f6cfb9928e195cec459eb5
SHA512: 94742f814ac526dd533d79c1b32c696ab8f058b69975420f5cebfc43afd90a57170f4da1fe0ced230d7dac27c5db53c60cd85f924b3fb7fff2e9dccd1d6fb693
SSDEEP: 12288:lMr0y90h08i79T2qWpdCEfZEKxZUHAovout+OeKlz0rbmqENFD:tyh8i79k/5feKwHAoQbOe8z8bm1FD
Static task: static1
Behavioral task: behavioral1
Sample: 78789c5aaf0343c131fc0a3e0c0c411c3633cffbd4f6cfb9928e195cec459eb5.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
maxi
83.97.73.126:19048
auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
Target: 78789c5aaf0343c131fc0a3e0c0c411c3633cffbd4f6cfb9928e195cec459eb5
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext