General
Target: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5
Size: 596KB
Sample: 230611-ffxknagf26
MD5: 99bb91c77cc6e42ab6bcbcfe050a0cbc
SHA1: 92ecc0d3692f81b08ffdb7078d3da6688c78e546
SHA256: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5
SHA512: be9095eb66a9b8f4c84a5baf83780b6f529b966e5385fb729de5c1677d139e593cf678a534d4d96f754222ad3d5e806e1f06da1ec5b6a45732a085541a05ad79
SSDEEP: 12288:YMrFy90g9Q4/KbqE4VmOpYn10QvzH8vAaJey8t:dyO4Kbq3cp8YaJ0
Static task: static1
Behavioral task: behavioral1
Sample: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5.exe
Resource: win7-20230220-en
Malware Config
Extracted
redline
duha
83.97.73.129:19068
auth_value: aafe99874c3b8854069470882e00246c
Extracted
amadey
3.83
77.91.68.30/music/rock/index.php
Extracted
redline
crazy
83.97.73.129:19068
auth_value: 66bc4d9682ea090eef64a299ece12fdd
Targets
Target: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext