General

Target: b0af4f05c0f5658c3d434a4bc74535f742c6680976769a835475c39049e8c118
Size: 770KB
Sample: 230608-svjzbsgd93
MD5: 9779059e51c9cf7963879511a5a21e16
SHA1: eef700922e88cc4a76d22905dc10d56b7c4a5ca0
SHA256: b0af4f05c0f5658c3d434a4bc74535f742c6680976769a835475c39049e8c118
SHA512: ef3c4e69da2e1b36ce90b2db57b4897002ef39d534ed58c11e06d6fedbf3debb977d3af3a9a6ea469cd41bb42610425d73a4b3b473f538e9a88c7549277accfd
SSDEEP: 24576:FyD62wSglFKeG3CROwUN1CGIi1LzM+87xbEZXhMxZ:gpgAslycwLz0tEZG
Static task: static1
Behavioral task: behavioral1
Sample: b0af4f05c0f5658c3d434a4bc74535f742c6680976769a835475c39049e8c118.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted: redline
  muha
  83.97.73.129:19068
  auth_value: 3c237e5fecb41481b7af249e79828a46

Extracted: redline
  sheron
  83.97.73.129:19068
  auth_value: 2d067e7e2372227d3a03b335260112e9
Targets

Target: b0af4f05c0f5658c3d434a4bc74535f742c6680976769a835475c39049e8c118 (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext