General
Target: 5285fd0481002a0431645bddd5468528077d04ef1b87d41cbb86e41b3f1c41cb
Size: 600KB
Sample: 230608-sv18lshb71
MD5: 04bba2e394340a9aabe43a77c3294e77
SHA1: f7e206f5e926c1255a16f62012408dec1b961027
SHA256: 5285fd0481002a0431645bddd5468528077d04ef1b87d41cbb86e41b3f1c41cb
SHA512: b64658c507f8ed32552c855a8b26726cb12e9ee00e32715f5d8e05736f0e567e4b0ddfa5b7f88c358e512be176fc319093be0d1c0a3c60ebb70f0d2bd4662153
SSDEEP: 12288:xMrvy90HQ0uwbO3n8AgVeRh33vwVEML5iYtm7fDZM:myMQ0/S1gVSdvaVw7fDe
Static task: static1
Behavioral task: behavioral1
Sample: 5285fd0481002a0431645bddd5468528077d04ef1b87d41cbb86e41b3f1c41cb.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  duha
  83.97.73.129:19068
  auth_value: aafe99874c3b8854069470882e00246c
Extracted: redline
  sheron
  83.97.73.129:19068
  auth_value: 2d067e7e2372227d3a03b335260112e9
Targets
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext