General
-
Target
7a2fcfdb544c7295eb48618061914c161f77486fd32acc683d95852be4cd5cf6
-
Size
770KB
-
Sample
230608-snx8dagd49
-
MD5
07ba139d963e5778120ef3ac3f30d0c0
-
SHA1
35c2e2d5b678da32203a026bb12dfcf8a952b043
-
SHA256
7a2fcfdb544c7295eb48618061914c161f77486fd32acc683d95852be4cd5cf6
-
SHA512
19850f07d1e3acf5f60f93e32570696558de174d53ebaf1dd957ab4919a0ece4039cb8428c69c88846793cff18985b3803e023fa5cec0b4ba1dfc6b7a7f83848
-
SSDEEP
24576:pyiOX9l8rTUD7itfYicfMsZHBOOOaCDRYu+:cFTmTUD+FIf1IT
Static task
static1
Behavioral task
behavioral1
Sample
7a2fcfdb544c7295eb48618061914c161f77486fd32acc683d95852be4cd5cf6.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
maxi
83.97.73.129:19068
-
auth_value
6a3f22e5f4209b056a3fd330dc71956a
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
7a2fcfdb544c7295eb48618061914c161f77486fd32acc683d95852be4cd5cf6
-
Size
770KB
-
MD5
07ba139d963e5778120ef3ac3f30d0c0
-
SHA1
35c2e2d5b678da32203a026bb12dfcf8a952b043
-
SHA256
7a2fcfdb544c7295eb48618061914c161f77486fd32acc683d95852be4cd5cf6
-
SHA512
19850f07d1e3acf5f60f93e32570696558de174d53ebaf1dd957ab4919a0ece4039cb8428c69c88846793cff18985b3803e023fa5cec0b4ba1dfc6b7a7f83848
-
SSDEEP
24576:pyiOX9l8rTUD7itfYicfMsZHBOOOaCDRYu+:cFTmTUD+FIf1IT
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-