General
- Target: 2d73f462404d8bb1689e0cbcf7e6e9863620aeac2b10df4e99aa58ecfad01545
- Size: 773KB
- Sample: 230608-lddyeseb6z
- MD5: 86ed5b0ab1727cdecc2b51854f6b01a8
- SHA1: 77d38e1d2fe6be47b2628e94a6c2a1a1ff55f99b
- SHA256: 2d73f462404d8bb1689e0cbcf7e6e9863620aeac2b10df4e99aa58ecfad01545
- SHA512: c4526bc274f3f1b302e96f2130096d8092a3ba3d6960739452d540ab7abb070a9428b7b06f23bbb9aaaff763c00d587f73883c3044ec64be913e79e39a4193cb
- SSDEEP: 12288:pMrJy90jum6JvmSZH4YhVp83U9Gb7fTlYY/OEH/9sUcBUhMK9aeMdWAFhSHoxBnS:wyKujwAepTlN9DCW9MdNOWB4x
Static task: static1
Behavioral task: behavioral1
- Sample: 2d73f462404d8bb1689e0cbcf7e6e9863620aeac2b10df4e99aa58ecfad01545.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- Botnet: maxi
- C2: 83.97.73.129:19068
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
- Botnet: sheron
- C2: 83.97.73.129:19068
- auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
- Target: 2d73f462404d8bb1689e0cbcf7e6e9863620aeac2b10df4e99aa58ecfad01545
- Size: 773KB
- MD5: 86ed5b0ab1727cdecc2b51854f6b01a8
- SHA1: 77d38e1d2fe6be47b2628e94a6c2a1a1ff55f99b
- SHA256: 2d73f462404d8bb1689e0cbcf7e6e9863620aeac2b10df4e99aa58ecfad01545
- SHA512: c4526bc274f3f1b302e96f2130096d8092a3ba3d6960739452d540ab7abb070a9428b7b06f23bbb9aaaff763c00d587f73883c3044ec64be913e79e39a4193cb
- SSDEEP: 12288:pMrJy90jum6JvmSZH4YhVp83U9Gb7fTlYY/OEH/9sUcBUhMK9aeMdWAFhSHoxBnS:wyKujwAepTlN9DCW9MdNOWB4x
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext