General
- Target: c8fdc8c97fc0294ba8d6b8a2ec5a1eaff018cdfe9c41e8939937a12ad6f123bd
- Size: 770KB
- Sample: 230608-rahp4agf2t
- MD5: 19f01563aca0447889f55708ac7a821c
- SHA1: ddb199d0a3beb4c9bd996f128535a91ef7ac3a1a
- SHA256: c8fdc8c97fc0294ba8d6b8a2ec5a1eaff018cdfe9c41e8939937a12ad6f123bd
- SHA512: b2668d6ed1e97c6f8ea58add356fb941a447c3bdda1cf9e51c4d38a34172a06a2c419177e03e9cf0272f09e2bd209bf10985d2c82f99e7a7c5294cfc6cbe12ff
- SSDEEP: 12288:7Mr3y90/ERMFfJSJFliwwKbZuF6HLXsTDBNPGEJEaB53yaJYb0zzydZgClOubbX:YyEERMBYliWbZJrWHxJZ58wzzeZg9uv
Static task: static1
Behavioral task: behavioral1
- Sample: c8fdc8c97fc0294ba8d6b8a2ec5a1eaff018cdfe9c41e8939937a12ad6f123bd.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- maxi
- 83.97.73.129:19068
- auth_value: 6a3f22e5f4209b056a3fd330dc71956a
Extracted: redline
- sheron
- 83.97.73.129:19068
- auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
- Target: c8fdc8c97fc0294ba8d6b8a2ec5a1eaff018cdfe9c41e8939937a12ad6f123bd
- Size: 770KB
- MD5: 19f01563aca0447889f55708ac7a821c
- SHA1: ddb199d0a3beb4c9bd996f128535a91ef7ac3a1a
- SHA256: c8fdc8c97fc0294ba8d6b8a2ec5a1eaff018cdfe9c41e8939937a12ad6f123bd
- SHA512: b2668d6ed1e97c6f8ea58add356fb941a447c3bdda1cf9e51c4d38a34172a06a2c419177e03e9cf0272f09e2bd209bf10985d2c82f99e7a7c5294cfc6cbe12ff
- SSDEEP: 12288:7Mr3y90/ERMFfJSJFliwwKbZuF6HLXsTDBNPGEJEaB53yaJYb0zzydZgClOubbX:YyEERMBYliWbZJrWHxJZ58wzzeZg9uv
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext