General
  Target: 949c88f265cc9e650b26fa6b487b9ce8531f7514c49b6202ef0d11ecc731e16c
  Size: 771KB
  Sample: 230608-ss6qbagd84
  MD5: 56dfca310268607e5ea49e968b613b55
  SHA1: 2b11bec997c638f98120f06b90736867584d7fdd
  SHA256: 949c88f265cc9e650b26fa6b487b9ce8531f7514c49b6202ef0d11ecc731e16c
  SHA512: ac88ce61456b0ef8e720bedcecb85aaf56daefab3cffa59a51bd2298cfd8684e8935d6376fd190b4de9360c03c1e7957b4d7236f38d0c32786f2e8d7b06115ff
  SSDEEP: 24576:1yVwpIA+7uKoFyhqvdAD0F3wFByJTdA6:QI+6KoFy0dAD0F6w

Tasks
  Static task: static1
  Behavioral task: behavioral1
    Sample: 949c88f265cc9e650b26fa6b487b9ce8531f7514c49b6202ef0d11ecc731e16c.exe
    Resource: win10v2004-20230221-en

Malware Config
  Extracted
    redline
    duha
    83.97.73.129:19068
    auth_value: aafe99874c3b8854069470882e00246c
  Extracted
    redline
    sheron
    83.97.73.129:19068
    auth_value: 2d067e7e2372227d3a03b335260112e9

Targets
  Target: 949c88f265cc9e650b26fa6b487b9ce8531f7514c49b6202ef0d11ecc731e16c
  Size: 771KB
  MD5: 56dfca310268607e5ea49e968b613b55
  SHA1: 2b11bec997c638f98120f06b90736867584d7fdd
  SHA256: 949c88f265cc9e650b26fa6b487b9ce8531f7514c49b6202ef0d11ecc731e16c
  SHA512: ac88ce61456b0ef8e720bedcecb85aaf56daefab3cffa59a51bd2298cfd8684e8935d6376fd190b4de9360c03c1e7957b4d7236f38d0c32786f2e8d7b06115ff
  SSDEEP: 24576:1yVwpIA+7uKoFyhqvdAD0F3wFByJTdA6:QI+6KoFy0dAD0F6w

  Signatures
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    Checks computer location settings
      Looks up the country code configured in the registry, likely geofencing.
    Executes dropped EXE
    Loads dropped DLL
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Adds Run key to start application
    Suspicious use of SetThreadContext