General
- Target: 99bb91c77cc6e42ab6bcbcfe050a0cbc.bin
- Size: 553KB
- Sample: 230613-b17txaed49
- MD5: 5d0ed6c0f0d6ca2df190a5c61261037b
- SHA1: ef43a52fcc00641ec605e0c8b47b60b27cc5f1a6
- SHA256: 4b325ed5a1a00162a631e15c4aa5922b9fdf09a26b724546275a68d6a80cb8d1
- SHA512: 602a5164932ef01d3e3dee6978bfc7f281c7e5e925380617f5ab9bcc88c819859bce11659ac62e60e3879250bb1e46713710b429b86748760f54edc2f2750fc4
- SSDEEP: 12288:5fznHDUGSJ+GBbzmRMl6YoflJRvMhYdQjDoNlSZuok:5HDU74GtaRMgYIJMhz8IZW
Static task: static1
Behavioral task: behavioral1
- Sample: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- duha
- 83.97.73.129:19068
- auth_value: aafe99874c3b8854069470882e00246c
Extracted: amadey
- 3.83
- 77.91.68.30/music/rock/index.php
Extracted: redline
- crazy
- 83.97.73.129:19068
- auth_value: 66bc4d9682ea090eef64a299ece12fdd
Targets
- Target: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5.exe
- Size: 596KB
- MD5: 99bb91c77cc6e42ab6bcbcfe050a0cbc
- SHA1: 92ecc0d3692f81b08ffdb7078d3da6688c78e546
- SHA256: c78b25e7b2dfb79c1d4cdbfa1bbe7389a4f14144d9ec7f0ad06c9ca6beda38f5
- SHA512: be9095eb66a9b8f4c84a5baf83780b6f529b966e5385fb729de5c1677d139e593cf678a534d4d96f754222ad3d5e806e1f06da1ec5b6a45732a085541a05ad79
- SSDEEP: 12288:YMrFy90g9Q4/KbqE4VmOpYn10QvzH8vAaJey8t:dyO4Kbq3cp8YaJ0
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext