General
-
Target
7d2ebbb8327e5e13eb220547ef72f8457c63771e46750277b72763a73043d48c
-
Size
601KB
-
Sample
230608-sa83qagc29
-
MD5
666dbe10949be5d411328cbeceb44e3a
-
SHA1
4fa0de2f94b1511eae2fb47f613c01515208835a
-
SHA256
7d2ebbb8327e5e13eb220547ef72f8457c63771e46750277b72763a73043d48c
-
SHA512
be9380427e1b002ff6b3c7cb07603f953757f4e09e5fdaa3836c3d8926e5958a49de499f9118467665706e1b479a772fa3f8b600e14c12d24ac5a87947abab2f
-
SSDEEP
12288:CMrly90vcpsaKXZLJpMhB1xSy0S2kRHxDCqI31qz1HlFIo4MTOBqP:Xy9+XxvMb1xSS2qI3W7LOQP
Static task
static1
Behavioral task
behavioral1
Sample
7d2ebbb8327e5e13eb220547ef72f8457c63771e46750277b72763a73043d48c.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.129:19068
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
7d2ebbb8327e5e13eb220547ef72f8457c63771e46750277b72763a73043d48c
-
Size
601KB
-
MD5
666dbe10949be5d411328cbeceb44e3a
-
SHA1
4fa0de2f94b1511eae2fb47f613c01515208835a
-
SHA256
7d2ebbb8327e5e13eb220547ef72f8457c63771e46750277b72763a73043d48c
-
SHA512
be9380427e1b002ff6b3c7cb07603f953757f4e09e5fdaa3836c3d8926e5958a49de499f9118467665706e1b479a772fa3f8b600e14c12d24ac5a87947abab2f
-
SSDEEP
12288:CMrly90vcpsaKXZLJpMhB1xSy0S2kRHxDCqI31qz1HlFIo4MTOBqP:Xy9+XxvMb1xSS2qI3W7LOQP
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-