General
-
Target
file.exe
-
Size
770KB
-
Sample
230609-a2xjwsbc4w
-
MD5
f20494955a6ff506f8145d1f152a11e4
-
SHA1
d41ad29bbc612cf2379e0a2f33692d1540d99c2a
-
SHA256
fba3c9a1a75c774d52d6d6e00603aae2f6799a0131148024031dbba4fd327a6d
-
SHA512
bfdd1cc5402a04c92d2348189f0dd3b70a7587745dff9ed7a431a29513efaeab45afca752e1fea75b6fc84179b7a1898a6e9e30f36a458186b2415957af4d75f
-
SSDEEP
12288:OMroy90Urck3Uvba9+63sY/YWv6M8LeuxIPhIcuPYajyOQWsc4MmTQHkczn:KyF4kUT83V/YWv6M7Fnuw9cp4TOz
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
duha
83.97.73.129:19068
-
auth_value
aafe99874c3b8854069470882e00246c
Extracted
amadey
3.83
77.91.68.30/music/rock/index.php
Extracted
redline
crazy
83.97.73.129:19068
-
auth_value
66bc4d9682ea090eef64a299ece12fdd
Targets
-
-
Target
file.exe
-
Size
770KB
-
MD5
f20494955a6ff506f8145d1f152a11e4
-
SHA1
d41ad29bbc612cf2379e0a2f33692d1540d99c2a
-
SHA256
fba3c9a1a75c774d52d6d6e00603aae2f6799a0131148024031dbba4fd327a6d
-
SHA512
bfdd1cc5402a04c92d2348189f0dd3b70a7587745dff9ed7a431a29513efaeab45afca752e1fea75b6fc84179b7a1898a6e9e30f36a458186b2415957af4d75f
-
SSDEEP
12288:OMroy90Urck3Uvba9+63sY/YWv6M8LeuxIPhIcuPYajyOQWsc4MmTQHkczn:KyF4kUT83V/YWv6M7Fnuw9cp4TOz
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-