General
- Target: 1c9179fad34aa4dd246b5ebd3539b7b1.bin
- Size: 691KB
- Sample: 230607-bpd3fsgc65
- MD5: d2f2fb1886ce017030ab225617a4922f
- SHA1: a45a482323f891f83f807adc932647f881707e46
- SHA256: baff53861dd80458c98ebe09f01ac9cc5885678651fc6d5c3e62dab932973b62
- SHA512: 6808ceec8c56ac0b66ba3f95897ef5f6a6baba6ad11c236f025b3d25a608f89507a358116e056fb166c98ef18a0780ff70bd48bfad12fab6dfcb1867cd428607
- SSDEEP: 12288:Na288LUAdfQTwY3UGF0C2IYZkBGL9kD9VjvzCr7v7agqOmsVUiJN9CUfs9a5Co:Nr8QUPcRIpRVjvzUv7T5v9CUfYaCo
Static task: static1
Behavioral task: behavioral1
- Sample: 05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: 05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: maxi
- C2: 83.97.73.126:19048
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Targets
- Target: 05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976.exe
- Size: 735KB
- MD5: 1c9179fad34aa4dd246b5ebd3539b7b1
- SHA1: 04d1a165e2e7dc2f1736223a9cfe1ad7aebacb6a
- SHA256: 05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976
- SHA512: ead9b21f1df264c0fff816a6e11eba1c747cf16bb7dcc65c766f203a848e31b7e882edfc36bee62f6e22eb0639470bed72022759012204c92fb5919251e60edd
- SSDEEP: 12288:hMrqy90LcnW2YHevd7sSQ3lcPnQgP7ya7NkVBV20IxE:DyA2YHevd7sSI2f5Pua+I0qE
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
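As an added example written for this page (not part of the sandbox report or of any RedLine tooling), the Python below turns the report's indicators into a check over Sysmon-shaped events: the analysed sample's SHA256/MD5, the extracted C2 83.97.73.126:19048, and the "Adds Run key to start application" behaviour. The event dictionaries are constructed for the demonstration; the field names follow Sysmon's ProcessCreate (Event 1), NetworkConnect (Event 3) and RegistryEvent value-set (Event 13) fields, and the file path and SID in them are made up.

```python
"""Match the indicators from this RedLine report against Sysmon-shaped events.

Added example, not part of the sandbox report. Hashes, C2 and behaviour come
from the report; every event in EVENTS is constructed for the demonstration.
"""
from dataclasses import dataclass

# Indicators copied from the report above.
SAMPLE_SHA256 = "05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976"
SAMPLE_MD5 = "1c9179fad34aa4dd246b5ebd3539b7b1"
C2_IP, C2_PORT = "83.97.73.126", 19048

# Autostart value paths behind the "Adds Run key" signature (HKCU or HKLM hive).
RUN_KEY_MARKERS = (
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)


@dataclass(frozen=True)
class Hit:
    rule: str
    image: str
    detail: str


def parse_hashes(field: str) -> dict:
    """Sysmon's Hashes field is 'SHA256=...,MD5=...'; split it into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def match_event(ev: dict) -> list:
    """Return the Hits one event triggers; an event can legitimately trigger none."""
    hits = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if eid == 1:  # ProcessCreate: compare the file hashes with the analysed sample
        hashes = parse_hashes(ev.get("Hashes", ""))
        if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
            hits.append(Hit("known_sample_hash", image, hashes.get("SHA256", hashes.get("MD5", ""))))
    elif eid == 3:  # NetworkConnect: destination matches the extracted C2
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(Hit("redline_c2_connect", image, f"{C2_IP}:{C2_PORT}"))
    elif eid == 13:  # RegistryEvent (value set): a value written under a Run/RunOnce key
        target = ev.get("TargetObject", "")
        if any(marker.lower() in target.lower() for marker in RUN_KEY_MARKERS):
            hits.append(Hit("run_key_persistence", image, target))
    return hits


def match_events(events) -> list:
    hits = []
    for ev in events:
        hits.extend(match_event(ev))
    return hits


# Constructed events: two benign ones plus one for each detection.
SAMPLE_PATH = ("C:\\Users\\user\\Desktop\\"
               "05ada3c7bb54efda0f84ce338d7558a6000e4bffc6e640d5ac2c25f6b1504976.exe")
EVENTS = [
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
     "Hashes": "SHA256=" + "00" * 32},
    {"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventID": 1, "Image": SAMPLE_PATH,
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()},MD5={SAMPLE_MD5}"},
    {"EventID": 3, "Image": SAMPLE_PATH,
     "DestinationIp": "83.97.73.126", "DestinationPort": "19048"},
    {"EventID": 13, "Image": SAMPLE_PATH,
     "TargetObject": "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"},
]

if __name__ == "__main__":
    for hit in match_events(EVENTS):
        print(f"{hit.rule:22} {hit.image}  {hit.detail}")
```

Two caveats when reusing this. Sysmon records registry value writes (Event 13) but not reads, so the "Checks installed software" behaviour (Uninstall key lookups) and the SetThreadContext use in this report are visible only in the sandbox's API trace, not in this telemetry. Hash matching is also brittle: the General section's .bin (MD5 d2f2fb1886ce017030ab225617a4922f) and the analysed .exe (MD5 1c9179fad34aa4dd246b5ebd3539b7b1) already carry different hashes, so the C2 address and the Run-key write are the indicators more likely to survive repacking.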