General
Target: file
Size: 789KB
Sample: 230610-2yz96agg4w
MD5: fadca253bcf2d2975b76ef55dc804dc4
SHA1: 803c9341a13ba908dbd9632223b6d1c9aa5c7a2b
SHA256: 18d0f0d88118596779630fcbe0328a4067b0ac5e65e7b5623b375378207246f6
SHA512: e429ad27ece6c75a0e542c9e20fb4a53afbff8eb3549e4c4a64a8b7b99cbc32448a83503a08e7ab1136c81d84725fa7ef8b79eaf9187d1ec622f96d820b886e2
SSDEEP: 12288:vMrcy90CjaRzr06wzsssgcQTL2FOeu9vXvw1dv4ddvRve/nwiyI9SJk47VvpSa+F:/yhWRzo6/t+tvwTQdd5m/nwilolSr
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
  Botnet: crazy
  C2: 83.97.73.129:19068
  auth_value: 66bc4d9682ea090eef64a299ece12fdd
Extracted: redline
  Botnet: mast
  C2: 83.97.73.129:19068
  auth_value: 95784a9ad2d19498f84abcf8e48d8da8
Extracted: amadey
  Version: 3.83
  C2: 77.91.68.30/music/rock/index.php
Extracted: redline
  Botnet: dast
  C2: 83.97.73.129:19068
  auth_value: 17d71bf1a3f93284f5848e00b0dd8222
Targets
Target: file
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.