General
-
Target
814cf889e2556a9b5deb46e77cbe2e41.bin
-
Size
553KB
-
Sample
230611-b1vjksgc59
-
MD5
b7252b2e9005788f5a4f27deb71bd8ba
-
SHA1
3052c02c6f93275be6bdf5b5bb900bf91bd298f8
-
SHA256
9ad7bafb11126f440245e4af588a7dd3e8a9b61591c69bc760667edafcc7c7ea
-
SHA512
b8d1d3dc0c76fb1d7b558e5a7515fdc104052c48ea8a6c660d6f517b32d8f13e0a890fb37112a9b374123db2de018f17492b534b3131de232ecca7d1b4076b02
-
SSDEEP
12288:18/eRK8IVh0TxkqXObZ+x/KAAAvW2VhBTrOKR5A7mwZYZbrn+Vl:G/980hWuypxNAAvWWBNWC8YZgl
Static task
static1
Behavioral task
behavioral1
Sample
c0e52121d52fa0619a45f01c836fc13cae2565d5fb3ba111a8ddcbd040e2511a.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
duha
83.97.73.129:19068
-
auth_value
aafe99874c3b8854069470882e00246c
Extracted
amadey
3.83
77.91.68.30/music/rock/index.php
Extracted
redline
crazy
83.97.73.129:19068
-
auth_value
66bc4d9682ea090eef64a299ece12fdd
Targets
-
-
Target
c0e52121d52fa0619a45f01c836fc13cae2565d5fb3ba111a8ddcbd040e2511a.exe
-
Size
597KB
-
MD5
814cf889e2556a9b5deb46e77cbe2e41
-
SHA1
2148de9636ed151440354dde07a45dca0ac5d856
-
SHA256
c0e52121d52fa0619a45f01c836fc13cae2565d5fb3ba111a8ddcbd040e2511a
-
SHA512
db4e3717e36314c0b26804fd271dc45206b8dded38acaf984f4678dd223cb2f34a70fe4509b0ace9e89b9953580592cfe1da1c854b61edd9ea4346fb75ca331d
-
SSDEEP
12288:tMrLy907B0l+BghzpRcWOMkx070kYzc063BRU7J8MwGf:Sy8B0lFhVR/kxXcfvoJHwi
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-