General
-
Target
3302f7b5b557013c67a658b8878156a23b5f6010cd1b6d663eded0d2601439fc
-
Size
600KB
-
Sample
230608-spgl1shb2z
-
MD5
2d92833695ba46ffdfed6dd327792210
-
SHA1
7500097a20bc8200c549b73dc14e9c20a0b2e690
-
SHA256
3302f7b5b557013c67a658b8878156a23b5f6010cd1b6d663eded0d2601439fc
-
SHA512
01c4124c5ea88f4070a3ed43d41736e6940f65c822fee0456305070e183889c082cc865c421524ada97ae95da5a20be33e50907fa96ea2b39f5a213f3b4fb419
-
SSDEEP
12288:DMrdy90ihb58TZPdVE204+xK59Q9SOtcuZVdiea2vvZTcMUTb:WyZ5KdV2Fc59gS1yVq2vhYb/
Static task
static1
Behavioral task
behavioral1
Sample
3302f7b5b557013c67a658b8878156a23b5f6010cd1b6d663eded0d2601439fc.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.129:19068
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
3302f7b5b557013c67a658b8878156a23b5f6010cd1b6d663eded0d2601439fc
-
Size
600KB
-
MD5
2d92833695ba46ffdfed6dd327792210
-
SHA1
7500097a20bc8200c549b73dc14e9c20a0b2e690
-
SHA256
3302f7b5b557013c67a658b8878156a23b5f6010cd1b6d663eded0d2601439fc
-
SHA512
01c4124c5ea88f4070a3ed43d41736e6940f65c822fee0456305070e183889c082cc865c421524ada97ae95da5a20be33e50907fa96ea2b39f5a213f3b4fb419
-
SSDEEP
12288:DMrdy90ihb58TZPdVE204+xK59Q9SOtcuZVdiea2vvZTcMUTb:WyZ5KdV2Fc59gS1yVq2vhYb/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-