General
-
Target
554d25724c8f6f53af8721d0ef6b6f42.bin
-
Size
692KB
-
Sample
230607-cca1psha4s
-
MD5
677440c6245e76bd764ebcb9246f994e
-
SHA1
354536a4502610d2162a54c21ce42bd7fcb1f336
-
SHA256
e1109d3fac039f48468d738898eafc1c476f7f361b3545e8cff17c4005d0e8e2
-
SHA512
9170e72af6f303648861d4f111e8bd42e5e7198e99fae71dd5b6017b2bf828511961edc42c083ec2619ed0f70b51ff1dfe4cda5f6519582134855693594c5648
-
SSDEEP
12288:kYMcnyQTaYREKYD8NqM1I3nrDugLgK/aO+BlFvxxa2fHLoXUHWSqOfjZkmWdI:1M2yQNSKBNqM16nGcgKyO+BlZxxa0Hrp
Static task
static1
Behavioral task
behavioral1
Sample
e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.126:19048
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Targets
-
-
Target
e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07.exe
-
Size
736KB
-
MD5
554d25724c8f6f53af8721d0ef6b6f42
-
SHA1
12aa02a42690740e106790852709edd8648177ac
-
SHA256
e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07
-
SHA512
b3edc933a34230613dafc3edf1d3e6e6adc73a55fcad4b4e80d903aec6bd87052df69c7752a39618385508006625b4d828bf25eaecc15bec4966e9320a39bff0
-
SSDEEP
12288:HMriy90oEzXGK/FxXki8Y52n1bW2sIPNhO1d8lvUeVaPXDBXi9V0Hh9PHL39n+rZ:xyLQWK/FxuY5kIAwBeV+XlXtHhJrt+rZ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-