General
-
Target
3d0b6c6a74d9add94b11165ea90542947c0e182e352ac6eb389803d9bad5bdfc
-
Size
773KB
-
Sample
230608-l6wzpsea38
-
MD5
6e2b9e39eb2f39028e1e7227478d3df3
-
SHA1
47e44f91cb1b08ff1a4234116170b9e8a89d9be2
-
SHA256
3d0b6c6a74d9add94b11165ea90542947c0e182e352ac6eb389803d9bad5bdfc
-
SHA512
33f4200e24ba10c19d5d1b79f62767d12c3e079c984cf678a38ca2878cfbe184872ab8644ee74693bda1fefcea81b56834f5aa0f74585106a310cbc4a5089dfd
-
SSDEEP
12288:gMrty904dgJbdwVEC4e3FdPUFQGNSPaCJjjl9KAhmEQ4hGxH0i:dyx4dcECRP5jiCx7tuHt
Static task
static1
Behavioral task
behavioral1
Sample
3d0b6c6a74d9add94b11165ea90542947c0e182e352ac6eb389803d9bad5bdfc.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.129:19068
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
3d0b6c6a74d9add94b11165ea90542947c0e182e352ac6eb389803d9bad5bdfc
-
Size
773KB
-
MD5
6e2b9e39eb2f39028e1e7227478d3df3
-
SHA1
47e44f91cb1b08ff1a4234116170b9e8a89d9be2
-
SHA256
3d0b6c6a74d9add94b11165ea90542947c0e182e352ac6eb389803d9bad5bdfc
-
SHA512
33f4200e24ba10c19d5d1b79f62767d12c3e079c984cf678a38ca2878cfbe184872ab8644ee74693bda1fefcea81b56834f5aa0f74585106a310cbc4a5089dfd
-
SSDEEP
12288:gMrty904dgJbdwVEC4e3FdPUFQGNSPaCJjjl9KAhmEQ4hGxH0i:dyx4dcECRP5jiCx7tuHt
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-