General

Target: bc4f523d5361853b6517094f5d05b90c89c2c0a3f423ca0b781a2b85f732eb38
Size: 599KB
Sample: 230609-fe484sbg4y
MD5: 4f60e5275ea1538936e197f917e86d74
SHA1: 0b2f83450ef9d81d990deb891cb86343072bbbad
SHA256: bc4f523d5361853b6517094f5d05b90c89c2c0a3f423ca0b781a2b85f732eb38
SHA512: 684c787b5aac28371ab0b47898a8d0cf540b0ae2c001975043917aba313c9cd82027e5cedc1541910509f32cd980f834f88e7b55508c67985ad46f2c2d57b5ae
SSDEEP: 12288:gMrmy90C7Y7cU2zMHATbAi1bNWJafP5uRqUo2NGdP7GTQnUCmIQ5Dr97Q:2yd7Y7iMmb/XfxuQUg7iQkl5P9M
Static task: static1
Behavioral task: behavioral1
Sample: bc4f523d5361853b6517094f5d05b90c89c2c0a3f423ca0b781a2b85f732eb38.exe
Resource: win7-20230220-en
Malware Config

Extracted: redline
Botnet: duha
C2: 83.97.73.129:19068
auth_value: aafe99874c3b8854069470882e00246c

Extracted: amadey
Version: 3.83
C2: 77.91.68.30/music/rock/index.php

Extracted: redline
Botnet: crazy
C2: 83.97.73.129:19068
auth_value: 66bc4d9682ea090eef64a299ece12fdd
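The extracted configs give two kinds of indicator: file hashes for the dropper itself, and C2 endpoints (two RedLine configs sharing one host:port, and one Amadey HTTP panel path). The following Python is an added example, not part of the sandbox report or of any tool the report was produced with. It turns those indicators into a small matcher: it hashes file bytes against the report's digests and scans plain-text network log lines for the C2 endpoints. The log lines are constructed for the demo, and the `botnet`/`version` labels on the config entries are assumptions about the extracted-config layout, not fields the report names.

```python
from __future__ import annotations

import hashlib
import re

# Indicators copied from the sandbox report above. Hashes identify the dropper;
# the C2 entries come from the extracted RedLine and Amadey configurations.
SAMPLE_HASHES = {
    "md5": "4f60e5275ea1538936e197f917e86d74",
    "sha1": "0b2f83450ef9d81d990deb891cb86343072bbbad",
    "sha256": "bc4f523d5361853b6517094f5d05b90c89c2c0a3f423ca0b781a2b85f732eb38",
    "sha512": "684c787b5aac28371ab0b47898a8d0cf540b0ae2c001975043917aba313c9cd8"
              "2027e5cedc1541910509f32cd980f834f88e7b55508c67985ad46f2c2d57b5ae",
}

# RedLine entries are raw TCP endpoints (host:port); the Amadey entry is an HTTP
# host plus panel path. The "botnet"/"version" keys are assumed labels.
C2_INDICATORS = [
    {"family": "redline", "botnet": "duha", "host": "83.97.73.129", "port": 19068},
    {"family": "redline", "botnet": "crazy", "host": "83.97.73.129", "port": 19068},
    {"family": "amadey", "version": "3.83", "host": "77.91.68.30",
     "path": "/music/rock/index.php"},
]

IP_PORT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
URL_RE = re.compile(r"https?://([^/\s:]+)(?::\d{1,5})?(/[^\s\"']*)")

# Constructed sample log lines (not from the report), firewall/proxy style.
SAMPLE_LOG = [
    "2023-06-09T12:00:01Z TCP 10.0.0.5:51234 -> 83.97.73.129:19068 SYN",
    "2023-06-09T12:00:03Z HTTP POST http://77.91.68.30/music/rock/index.php 200",
    "2023-06-09T12:00:05Z TCP 10.0.0.5:51240 -> 83.97.73.129:443 SYN",
    "2023-06-09T12:00:07Z HTTP GET http://77.91.68.30/ 404",
]


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def matching_hashes(data: bytes) -> list[str]:
    """Return the algorithms whose digest of `data` equals the report's value."""
    digests = hash_bytes(data)
    return sorted(algo for algo, known in SAMPLE_HASHES.items()
                  if digests[algo] == known)


def match_network_line(line: str) -> list[str]:
    """Return the families whose C2 indicator appears in one log line.

    A RedLine hit requires both host and port to match (the same host on
    another port, e.g. 443, is not a hit); an Amadey hit requires host and
    exact panel path, ignoring any query string.
    """
    hits: set[str] = set()
    for host, port in IP_PORT_RE.findall(line):
        for ioc in C2_INDICATORS:
            if "port" in ioc and ioc["host"] == host and ioc["port"] == int(port):
                hits.add(ioc["family"])
    for host, path in URL_RE.findall(line):
        for ioc in C2_INDICATORS:
            if "path" in ioc and ioc["host"] == host \
                    and path.split("?", 1)[0] == ioc["path"]:
                hits.add(ioc["family"])
    return sorted(hits)


def scan_log(lines) -> list[tuple[int, list[str]]]:
    """Scan many lines; return (1-based line number, families) for each hit."""
    return [(n, fams) for n, line in enumerate(lines, start=1)
            if (fams := match_network_line(line))]


if __name__ == "__main__":
    for n, fams in scan_log(SAMPLE_LOG):
        print(f"line {n}: {', '.join(fams)} C2 contact: {SAMPLE_LOG[n - 1]}")
    print("hash match on dummy bytes:", matching_hashes(b"not the real sample"))
```

Because both RedLine configs point at the same endpoint, a network hit cannot tell the `duha` and `crazy` builds apart; the `auth_value` only shows up in the decrypted C2 traffic or the unpacked binary, so host-side config extraction is needed to attribute a hit to one of them.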
Targets

Target: bc4f523d5361853b6517094f5d05b90c89c2c0a3f423ca0b781a2b85f732eb38 (size and hashes as listed under General above)

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext is the API used to redirect execution of a thread in a suspended process, the core step of process hollowing and thread-hijacking injection; the sandbox flags the call itself, not a confirmed injection.