General
-
Target
ab2ff4a1a81127eb389aac308d0c5164d797ead7055cfc10757697530d862825
-
Size
769KB
-
Sample
230608-sv3fnshb8s
-
MD5
2c07a4dcc55623324990642eb3348f6e
-
SHA1
34cd045078165706c16f989758d208a00638c616
-
SHA256
ab2ff4a1a81127eb389aac308d0c5164d797ead7055cfc10757697530d862825
-
SHA512
b07cdd9a36a00540feef543d522106b7be67acb14538e65eb69bc7434af893ca5622afb805547280eb086007657d32ce2025bf1e0080baa112bff99704e117f6
-
SSDEEP
12288:HMriy90sdRUz8lj8kXgNXBWYvePi82VABjPFENZkuhVLDjcewI43x6VVp5ODq:lybbsBWlPP2WBjFsk0VLDIpjh66Dq
Static task
static1
Behavioral task
behavioral1
Sample
ab2ff4a1a81127eb389aac308d0c5164d797ead7055cfc10757697530d862825.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
duha
83.97.73.129:19068
-
auth_value
aafe99874c3b8854069470882e00246c
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
ab2ff4a1a81127eb389aac308d0c5164d797ead7055cfc10757697530d862825
-
Size
769KB
-
MD5
2c07a4dcc55623324990642eb3348f6e
-
SHA1
34cd045078165706c16f989758d208a00638c616
-
SHA256
ab2ff4a1a81127eb389aac308d0c5164d797ead7055cfc10757697530d862825
-
SHA512
b07cdd9a36a00540feef543d522106b7be67acb14538e65eb69bc7434af893ca5622afb805547280eb086007657d32ce2025bf1e0080baa112bff99704e117f6
-
SSDEEP
12288:HMriy90sdRUz8lj8kXgNXBWYvePi82VABjPFENZkuhVLDjcewI43x6VVp5ODq:lybbsBWlPP2WBjFsk0VLDIpjh66Dq
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-