General
- Target: file.exe
- Size: 848KB
- Sample: 230620-gvbr6sbd4y
- MD5: 41324a44f3c3b6a06b7acb27c24cb8be
- SHA1: f006637ba0718ecf52b1bff5dbb8292dba7f3809
- SHA256: b02a04e65ae9453f1c3bc5fcfd47686be2fb8b8f978c3ec29a0c6749106ed4f7
- SHA512: 3d62e87bad8edc7ce23295bb0f20b381f0077e375425c1379be604984636957a12be0799cd9e5f88817a63575d5c586caa71fee5f37e95750a651fb5d1855691
- SSDEEP: 12288:AVkLJo17O5rRfZZExSnCTWM/VFtwIHx7xcUAH5b1wOe1H47l+6cw9t:AYJo17WrRfZZEKC/VFBR5Oe1H406Zj
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
- 1
- 95.216.249.153:81
- auth_value: a290efd4796d37556cc5af7e83c91346
Extracted: laplas
- http://45.159.189.105
- api_key: ab77c1513d42148558312d676282a204d8aa055051d315af2056241c7f79c6f4
Targets
- Target: file.exe
- Size: 848KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext