General
- Target: df65f980e536318f22fdfc21773829fcd216e2b031b36d743a8bce082582b97d
- Size: 600KB
- Sample: 230608-sr842sgd72
- MD5: 76da21809c28674d127cecb9a7b3e224
- SHA1: 605c65f6e928e1ac405465af09b9e218f48d04be
- SHA256: df65f980e536318f22fdfc21773829fcd216e2b031b36d743a8bce082582b97d
- SHA512: 5cc8c3774f52a1197460a8e663eda485aaf49677ba9cbf359cabc4b9787d6b7507d2c00a753990fb604204d9e2422d3cd173f702afa2ebf641929138345988bb
- SSDEEP: 12288:LMrby909dgFHV0TeOTKgW4cZnJAfm87s3cUOlaOCQxAj2sa2:IywCl0KHZnJissUOlaFQxAN5

Static task: static1
Behavioral task: behavioral1
- Sample: df65f980e536318f22fdfc21773829fcd216e2b031b36d743a8bce082582b97d.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
- duha
- 83.97.73.129:19068
- auth_value: aafe99874c3b8854069470882e00246c
Extracted: redline
- sheron
- 83.97.73.129:19068
- auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
- Target: df65f980e536318f22fdfc21773829fcd216e2b031b36d743a8bce082582b97d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext