General
Target: d787dec5f9f025a4d7cf1ebb4e8ee87fdb9b8519a1f4a0b7e69c30f4a1bffb59
Size: 601KB
Sample: 230608-rxe8gsgg8s
MD5: aef8cbe25c6091d3fde34504254f08e0
SHA1: 4f4f181bb6fb38f6abdd3c7de7fe45de80010fe2
SHA256: d787dec5f9f025a4d7cf1ebb4e8ee87fdb9b8519a1f4a0b7e69c30f4a1bffb59
SHA512: 599547b1052aff385db527768a7fda21143087e05d9ecd5fd42bf51d6fc52005b6f45683b71e5f9a58707498afc5d8c845c36441518dfde054368b70bee7e29a
SSDEEP: 12288:wMrDy90llITQrmT22kmbCfZ5AKdZ4N2+PNgg4n:jyQIQ82K22+Zr+lggY
Static task: static1
Behavioral task: behavioral1
Sample: d787dec5f9f025a4d7cf1ebb4e8ee87fdb9b8519a1f4a0b7e69c30f4a1bffb59.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: diza
C2: 83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Extracted
Family: redline
Botnet: sheron
C2: 83.97.73.129:19068
auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
Target: d787dec5f9f025a4d7cf1ebb4e8ee87fdb9b8519a1f4a0b7e69c30f4a1bffb59
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of SetThreadContext
A call commonly used by loaders to redirect a suspended thread into injected code (process hollowing).
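The signatures above describe what the sandbox saw; a responder usually wants the same behaviours expressed as a host-side triage rule. The following is an added example, not part of the sandbox report or of any tooling the report describes. Only the C2 endpoint from the extracted config and the registry locations behind the signatures are taken from the report; every telemetry record, process id, image path and wallet marker below is constructed for the demonstration (the report does not say which wallets this sample touches, so the wallet markers are an assumption). One caveat: Sysmon does not log registry reads, so the Geo\Nation and Uninstall lookups are only visible in EDR-style telemetry or an API monitor.

```python
"""Added example: map the sandbox's behavioural signatures onto constructed
EDR-style telemetry and flag processes that show the RedLine pattern.
Not part of the sandbox report; indicators from the report are marked."""
from collections import defaultdict

# From the report's extracted config (both botnets share this C2).
REDLINE_C2 = {("83.97.73.129", 19068)}

# Registry locations behind three of the report's signatures; matched as
# case-insensitive substrings of the full key path.
GEO_KEY = r"control panel\international\geo"                    # "Checks computer location settings"
UNINSTALL_KEY = r"microsoft\windows\currentversion\uninstall"   # "Checks installed software on the system"
RUN_KEY = r"microsoft\windows\currentversion\run"               # "Adds Run key to start application"

# Assumed wallet artifacts for "Accesses cryptocurrency files/wallets";
# the report does not enumerate the wallets this sample reads.
WALLET_MARKERS = ("wallet.dat", r"\electrum\wallets", r"\exodus\exodus.wallet")

SAMPLE = r"C:\Users\user\Desktop\d787dec5f9f025a4d7cf1ebb4e8ee87fdb9b8519a1f4a0b7e69c30f4a1bffb59.exe"

# Constructed telemetry, one record per observed operation (not real logs).
EVENTS = [
    {"pid": 4120, "image": SAMPLE, "op": "reg_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"pid": 4120, "image": SAMPLE, "op": "reg_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": SAMPLE, "op": "reg_write",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"pid": 4120, "image": SAMPLE, "op": "file_read",
     "target": r"C:\Users\user\AppData\Roaming\Bitcoin\wallet.dat"},
    {"pid": 4120, "image": SAMPLE, "op": "net_connect", "target": "83.97.73.129:19068"},
    # Benign noise: an installer enumerating Uninstall, a browser on an unrelated host.
    {"pid": 900, "image": r"C:\Windows\System32\msiexec.exe", "op": "reg_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A3B}"},
    {"pid": 2210, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "op": "net_connect",
     "target": "93.184.216.34:443"},
]


def classify(event):
    """Return the report signature an event matches, or None if it matches none."""
    op, target = event["op"], event["target"].lower()
    if op == "reg_read" and GEO_KEY in target:
        return "Checks computer location settings"
    if op == "reg_read" and UNINSTALL_KEY in target:
        return "Checks installed software on the system"
    if op == "reg_write" and RUN_KEY in target:
        return "Adds Run key to start application"
    if op == "file_read" and any(marker in target for marker in WALLET_MARKERS):
        return "Accesses cryptocurrency files/wallets"
    if op == "net_connect":
        host, _, port = target.rpartition(":")
        if host and port.isdigit() and (host, int(port)) in REDLINE_C2:
            return "Connects to RedLine C2 from extracted config"
    return None


def triage(events):
    """Group the matched signatures by process id."""
    hits = defaultdict(set)
    for event in events:
        signature = classify(event)
        if signature:
            hits[event["pid"]].add(signature)
    return dict(hits)


def verdict(hits, threshold=3):
    """Flag a process if it contacted the C2 or shows at least `threshold`
    behaviours. A single hit (an installer reading Uninstall, a legitimate
    Run-key write) is routine on a clean host, so it is not flagged alone."""
    flagged = {}
    for pid, signatures in hits.items():
        contacted_c2 = any(s.startswith("Connects to RedLine C2") for s in signatures)
        if contacted_c2 or len(signatures) >= threshold:
            flagged[pid] = sorted(signatures)
    return flagged


if __name__ == "__main__":
    for pid, signatures in verdict(triage(EVENTS)).items():
        print(pid, signatures)
```

The C2 match is treated as sufficient on its own because it comes from the extracted configuration rather than from a generic behaviour; the registry and file heuristics are only combined into a verdict, since each one fires on legitimate software too. The Run-key substring also matches RunOnce, which is deliberate for a persistence check.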