General
-
Target
4ac169728f8b6ee29cd509efedc2ce37.bin
-
Size
722KB
-
Sample
230609-bgph8aaf37
-
MD5
4ac169728f8b6ee29cd509efedc2ce37
-
SHA1
33985f52d1050eb30e8dc2341acf3c709f9f09be
-
SHA256
52d1a16f2bebab754cc0ce36eda936464cd235ebdf064a868d7fc1822470102e
-
SHA512
6784b45788ee0f7ddacd04ff2419f1a261669086a2eb30235109c1549c322959693f70f8df6f716c0b9275929ec56f96f58941ed36818c2affbd7aee5784009e
-
SSDEEP
12288:zMrdy90hTlMm/eKO+en+185PiFAza6gtzbf4zHnGioC4XQRWZIMpJzw1e:ay4Xe+Xd6QzkzHGio5Xrzv
Static task
static1
Behavioral task
behavioral1
Sample
4ac169728f8b6ee29cd509efedc2ce37.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
diza
83.97.73.129:19068
-
auth_value
0d09b419c8bc967f91c68be4a17e92ee
Extracted
amadey
3.83
77.91.68.30/music/rock/index.php
Extracted
redline
sheron
83.97.73.129:19068
-
auth_value
2d067e7e2372227d3a03b335260112e9
Targets
-
-
Target
4ac169728f8b6ee29cd509efedc2ce37.bin
-
Size
722KB
-
MD5
4ac169728f8b6ee29cd509efedc2ce37
-
SHA1
33985f52d1050eb30e8dc2341acf3c709f9f09be
-
SHA256
52d1a16f2bebab754cc0ce36eda936464cd235ebdf064a868d7fc1822470102e
-
SHA512
6784b45788ee0f7ddacd04ff2419f1a261669086a2eb30235109c1549c322959693f70f8df6f716c0b9275929ec56f96f58941ed36818c2affbd7aee5784009e
-
SSDEEP
12288:zMrdy90hTlMm/eKO+en+185PiFAza6gtzbf4zHnGioC4XQRWZIMpJzw1e:ay4Xe+Xd6QzkzHGio5Xrzv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-