General
Target: b012e928287eba5de20415c534ca1250349ded0f5ac77f8ccb1f28aa62af4766
Size: 594KB
Sample: 230611-ffvfasgf25
MD5: 5e3330f0743827b34b76d55266feb2ce
SHA1: 48f0ddc136d4035b4f0ad6d214ccb113157e3ffe
SHA256: b012e928287eba5de20415c534ca1250349ded0f5ac77f8ccb1f28aa62af4766
SHA512: 14fd948a2a32e75d7389c718a2047a75a9a35dfdfde37c67512c346e4943e937830088bcf80211e3a2832afb7ca1711e2f0c4128c9a4c537cd7eca1ede90cde7
SSDEEP: 12288:CMrFy90asDkdDMfCfZQQqrz2aCsO+bMeRAdDoD5qjHKTBdsB2W:3yiD7CfZkzJZO+46M0WHKLW
Static task: static1
Behavioral task: behavioral1
Sample: b012e928287eba5de20415c534ca1250349ded0f5ac77f8ccb1f28aa62af4766.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
- Botnet: dast
- C2: 83.97.73.129:19068
- auth_value: 17d71bf1a3f93284f5848e00b0dd8222
Extracted: amadey
- Version: 3.83
- C2: 77.91.68.30/music/rock/index.php
Extracted: redline
- Botnet: crazy
- C2: 83.97.73.129:19068
- auth_value: 66bc4d9682ea090eef64a299ece12fdd
Targets
Target: b012e928287eba5de20415c534ca1250349ded0f5ac77f8ccb1f28aa62af4766 (594KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext