General
Target: 08033799.exe
Size: 599KB
Sample: 230609-h2tr1abd33
MD5: f09338b939f5ad5b237159481b47560a
SHA1: d5eedf97f11019a36cf4fdc4e0854c5fdff42c5e
SHA256: 70322428c96781fd5fcf19bf175011d36969f3aea709aaafc59f2300b273e7c5
SHA512: 3d57c00a515e2580721d0a8df117c7ea7cb8d25946b43fef448453ca35cb2755b0e5d25431219dd141a5693befc976f2b7af060afc5f38e2fe46cb1dc52f6844
SSDEEP: 12288:tMrRy90DIrWjmNsFiiGPXM7P3l6EqGPunQjEX/yCvTq:gyYwJm9eXmP3vqG0kQm
Static task: static1
Behavioral task: behavioral1
Sample: 08033799.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline (duha), 83.97.73.129:19068, auth_value aafe99874c3b8854069470882e00246c
Extracted: amadey 3.83, 77.91.68.30/music/rock/index.php
Extracted: redline (crazy), 83.97.73.129:19068, auth_value 66bc4d9682ea090eef64a299ece12fdd
Targets
Target: 08033799.exe (599KB; hashes as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext