General
-
Target
d9b7235181c32eb7eef739de3faca5669d67633dbda8b3cec7f5adfcfbe42065
-
Size
770KB
-
Sample
230608-r9y65agb97
-
MD5
671a8276ed05adf5bf8a2bc9905bcd2f
-
SHA1
761976201c44f0920b84449c897dc4542c865540
-
SHA256
d9b7235181c32eb7eef739de3faca5669d67633dbda8b3cec7f5adfcfbe42065
-
SHA512
9bee98aa217d23072aeb5b23ea0f3a2c8cd7a801042b788e9e062b46783fb48af4ecefdbe7a5e0a95cbb31958b49fcf38b1c2d05376099e4f5b04030809794f3
-
SSDEEP
12288:zMrGy907pH0vWpxZupbVqYHBMnObY0NarjzYMNLnJNsAkxQ:ZyiHMUCpbNMnObYbsMpDcm
Static task
static1
Behavioral task
behavioral1
Sample
d9b7235181c32eb7eef739de3faca5669d67633dbda8b3cec7f5adfcfbe42065.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.129:19068
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
d9b7235181c32eb7eef739de3faca5669d67633dbda8b3cec7f5adfcfbe42065
-
Size
770KB
-
MD5
671a8276ed05adf5bf8a2bc9905bcd2f
-
SHA1
761976201c44f0920b84449c897dc4542c865540
-
SHA256
d9b7235181c32eb7eef739de3faca5669d67633dbda8b3cec7f5adfcfbe42065
-
SHA512
9bee98aa217d23072aeb5b23ea0f3a2c8cd7a801042b788e9e062b46783fb48af4ecefdbe7a5e0a95cbb31958b49fcf38b1c2d05376099e4f5b04030809794f3
-
SSDEEP
12288:zMrGy907pH0vWpxZupbVqYHBMnObY0NarjzYMNLnJNsAkxQ:ZyiHMUCpbNMnObYbsMpDcm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-