General
Target: e64cc1894f22ad69da37f5b703b827de.exe
Size: 753KB
Sample: 230608-hqcz4sda67
MD5: e64cc1894f22ad69da37f5b703b827de
SHA1: 996d631f13bb0978fe077c3154441dc9d5c95dbb
SHA256: ae1af8d73d68698a1a0920e00c0030d9c9bdbfcfa18ddd3499499a3158757a60
SHA512: b1185aa2efe46c8d17aa648c9ab278c11364753efd25d347cbe8af1561d50d806092e654b2a12d1648d735a6b4c2ba6e54f36607ab606a662bc0019037dce9a7
SSDEEP: 12288:VMrEy90FcqN0q8lQCkxCd/kFpg7FpMjq0PjD7huqfm15vnaPXlhGykeWq:Ry2ciba/epg7nMxbD7I5CVsm
Static task: static1
Behavioral task: behavioral1
  Sample: e64cc1894f22ad69da37f5b703b827de.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: e64cc1894f22ad69da37f5b703b827de.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  Botnet: maxi
  C2: 83.97.73.129:19068
  auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
  Botnet: sheron
  C2: 83.97.73.129:19068
  auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
Target: e64cc1894f22ad69da37f5b703b827de.exe
Size: 753KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above (single-file submission).
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Behavioural signatures triggered by this sample:
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence (abort or change behaviour in certain regions).
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: persistence through a value under a CurrentVersion\Run registry key.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: typically observed when a payload is written into a suspended process and its start address is redirected (process hollowing / injection).
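The signatures above are what the sandbox observed; the block below is an added example of turning them into a host-side hunt, not part of the report or of any sandbox vendor's tooling. It classifies constructed, normalised telemetry events (fields `pid`, `image`, `op`, `path`/`ip`/`port`, as an EDR or sandbox API trace would provide) against the behaviours listed for this sample. Only the C2 address and port come from the extracted config; the registry paths (`Control Panel\International\Geo\Nation` for the location check, `CurrentVersion\Uninstall` and `CurrentVersion\Run`) and the wallet directory names are assumptions about what each signature keys on, and the verdict thresholds are a judgement call.

```python
"""Map host telemetry onto the behaviour signatures in the RedLine report above.

Added example, not from the sandbox report. EVENTS is constructed telemetry,
not real logs. Registry/file paths are assumptions about what each signature
keys on; only the C2 address and port are taken from the report.
"""
import re
from collections import defaultdict

# Indicator taken from the extracted RedLine config above.
C2 = ("83.97.73.129", 19068)

# Assumed registry/file locations behind each report signature.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL = re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
WALLETS = re.compile(r"\\(Exodus|Electrum|Ethereum|Armory|Atomic|Coinomi)\\", re.I)


def classify(ev):
    """Return the report signature a single event corresponds to, or None."""
    op, path = ev.get("op"), ev.get("path", "")
    if op == "reg_write" and RUN_KEY.search(path):
        return "Adds Run key to start application"
    if op == "reg_read" and GEO_NATION.search(path):
        return "Checks computer location settings"
    if op == "reg_read" and UNINSTALL.search(path):
        return "Checks installed software on the system"
    if op == "file_read" and WALLETS.search(path):
        return "Accesses cryptocurrency files/wallets"
    if op == "net_connect" and (ev.get("ip"), ev.get("port")) == C2:
        return "Connects to RedLine C2"
    return None


def hunt(events):
    """Group matched signatures per process: {(pid, image): {signature: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for ev in events:
        sig = classify(ev)
        if sig:
            hits[(ev["pid"], ev["image"])][sig] += 1
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def verdict(sigs):
    """Decide per process. A C2 hit alone is decisive; otherwise require three
    distinct host behaviours, because any single one (an installer enumerating
    Uninstall, an updater writing a Run value) is routine in benign software."""
    if "Connects to RedLine C2" in sigs:
        return "malicious"
    if len(sigs) >= 3:
        return "suspicious"
    return "benign"


def report(events):
    """Return {(pid, image): verdict} for every process that matched anything."""
    return {proc: verdict(sigs) for proc, sigs in hunt(events).items()}


# Constructed telemetry (not real logs): the sample plus a benign installer.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\e64cc1894f22ad69da37f5b703b827de.exe"
INSTALLER = r"C:\Users\user\Downloads\7z2301-x64.exe"
EVENTS = [
    {"pid": 4120, "image": SAMPLE, "op": "reg_read",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": SAMPLE, "op": "reg_read",
     "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"pid": 4120, "image": SAMPLE, "op": "file_read",
     "path": r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": SAMPLE, "op": "reg_write",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"pid": 4120, "image": SAMPLE, "op": "net_connect", "ip": "83.97.73.129", "port": 19068},
    {"pid": 5008, "image": INSTALLER, "op": "reg_read",
     "path": r"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion"},
    {"pid": 5008, "image": INSTALLER, "op": "reg_write",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\7-Zip Updater"},
    {"pid": 5008, "image": INSTALLER, "op": "net_connect", "ip": "203.0.113.10", "port": 443},
]

if __name__ == "__main__":
    for (pid, image), sigs in hunt(EVENTS).items():
        print(f"{pid} {image}: {verdict(sigs)}")
        for sig, n in sigs.items():
            print(f"    {n}x {sig}")
```

Two practical caveats when wiring this to real telemetry: Sysmon logs the Run key write (Event ID 13) and the C2 connection (Event ID 3), but not registry or file reads, so the geofence, Uninstall and wallet lookups are only visible in EDR or sandbox API-trace data. And the C2 indicator is the most volatile field in the report; both extracted configs share 83.97.73.129:19068 today, but the auth_value and botnet name change per build, so the behavioural cluster is the more durable signal.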