General
Target: 9a0bce8aeadce11593242637953f6b754771bb345919e651b36b6b07915e2bca
Size: 771KB
Sample: 230608-sr6nxshb5w
MD5: 5faf4bf99af68c9a30ba14af739b08a8
SHA1: 8856a72c2c4369f7d627a161d4c6d3351188b1e6
SHA256: 9a0bce8aeadce11593242637953f6b754771bb345919e651b36b6b07915e2bca
SHA512: ed5daa5d6f398232e38071c89d44c682226ca2faa5f4fbfb42945d9215f544bb870353b24751d1e26c613515ffd25097bc7ed35ecc071805b22e3cfda95444c0
SSDEEP: 12288:jMrky90Uzgc9tB/FgLfghJjfRvR91LU38w1voA7GL/hgjPJB2pBG+i6k1:/yUcV/wfgDLxR8FoAqL/huOG+nk1
Static task: static1
Behavioral task: behavioral1
Sample: 9a0bce8aeadce11593242637953f6b754771bb345919e651b36b6b07915e2bca.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted (redline)
Family: redline
Botnet: diza
C2: 83.97.73.129:19068
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Extracted (redline)
Family: redline
Botnet: sheron
C2: 83.97.73.129:19068
auth_value: 2d067e7e2372227d3a03b335260112e9
Both extracted configs point at the same C2 socket (83.97.73.129:19068) and differ only in botnet tag and auth_value.
Targets
Target: 9a0bce8aeadce11593242637953f6b754771bb345919e651b36b6b07915e2bca
Size: 771KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence across logon)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Suspicious use of SetThreadContext (a common process-injection step: a loader starts a process suspended, writes its payload into it, points the thread context at the injected entry point and resumes it)
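The following is an added example, not part of this sandbox report and not RedLine code: it turns the extracted C2 socket and the "Adds Run key" behaviour above into a small host-log matcher. It assumes Sysmon events exported as JSON dicts (EventID 3 = network connection, EventID 13 = registry value set, EventID 1 = process create, with Sysmon's field names); the sample events, paths, SID and PIDs are constructed for illustration. Note that the geofence check (a registry read) does not produce a Sysmon event, since Sysmon only logs registry writes, so that behaviour is only visible in API-level sandbox traces such as this report.

```python
"""Match constructed Sysmon events against indicators from the report above.

Hypothetical helper (added example). Input is a list of Sysmon events as
dicts using Sysmon's own field names.
"""
import json
import re

# C2 from both extracted RedLine configs above (same host and port).
C2_ENDPOINTS = {("83.97.73.129", 19068)}

# Run / RunOnce value written under either hive; Sysmon spells the hive out
# in TargetObject (HKU\<SID>\... or HKLM\...).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)

# Constructed events mimicking what Sysmon would emit. Paths, SID and PIDs
# are made up; they are not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\9a0bce8a.exe",
     "ProcessId": 4412, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\9a0bce8a.exe",
     "ProcessId": 4412, "DestinationIp": "83.97.73.129",
     "DestinationPort": 19068, "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ProcessId": 1200, "DestinationIp": "142.250.74.78",
     "DestinationPort": 443, "Protocol": "tcp"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\9a0bce8a.exe",
     "ProcessId": 4412,
     "TargetObject": r"HKU\S-1-5-21-111-222-333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "ProcessId": 900,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common Desktop",
     "Details": r"C:\Users\Public\Desktop"},
]


def c2_hit(event):
    """Return the matching (ip, port) for a network-connection event, else None."""
    if event.get("EventID") != 3:
        return None
    endpoint = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
    return endpoint if endpoint in C2_ENDPOINTS else None


def run_key_hit(event):
    """Return the Run-key value path written by a registry-set event, else None."""
    if event.get("EventID") != 13:
        return None
    target = event.get("TargetObject", "")
    return target if RUN_KEY_RE.search(target) else None


def triage(events):
    """Walk the events once; return findings as (rule, pid, image, detail)."""
    findings = []
    for ev in events:
        hit = c2_hit(ev)
        if hit:
            findings.append(("redline_c2", ev["ProcessId"], ev["Image"], "%s:%d" % hit))
        hit = run_key_hit(ev)
        if hit:
            findings.append(("run_key_persistence", ev["ProcessId"], ev["Image"], hit))
    return findings


def pids_with_c2_and_persistence(events):
    """PIDs that both contacted the C2 and wrote a Run key: strongest signal."""
    by_pid = {}
    for rule, pid, _image, _detail in triage(events):
        by_pid.setdefault(pid, set()).add(rule)
    return sorted(pid for pid, rules in by_pid.items()
                  if {"redline_c2", "run_key_persistence"} <= rules)


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(json.dumps(finding))
    print("high-confidence PIDs:", pids_with_c2_and_persistence(SAMPLE_EVENTS))
```

A bare C2 match on one IP:port is brittle (the operator can move the listener), so the combined rule in pids_with_c2_and_persistence is the one worth paging on; the Run-key regex on its own will also fire on legitimate installers and should be reviewed rather than alerted on.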