General
-
Target
Wallet pass.exe
-
Size
1.3MB
-
Sample
230627-1fxwmsge2x
-
MD5
21cbc38776a465e3bee495836a934a02
-
SHA1
b2f6acdae49a84632ef913aea33ccf9949de2338
-
SHA256
86f5b4f32c68f9337a19363da77d77b6275923da37d2e4144b8f0740620fd3ac
-
SHA512
8c725fb36de9400d24a8bac0fb5c96370faadce81e0d0c2173f594a5b0288712b1b63c3691566707be67f368cec6a0649bbdbbaa51dcebd3703e8aa9bc7022f2
-
SSDEEP
24576:nrB7SdV5WjDB/ncHlUP0jW62JC1HTK75FmfVcseNPwMv4:nqlnjW5QmPJv4
Static task
static1
Behavioral task
behavioral1
Sample
Wallet pass.exe
Resource
win10v2004-20230621-en
Malware Config
Extracted
redline
@cryptocodi
94.142.138.4:80
-
auth_value
198c6645d590bf9278910b885d83b15e
Extracted
laplas
http://185.209.161.189
-
api_key
f0cd0c3938331a84425c6e784f577ccd87bb667cfdb44cc24f97f402ac5e15b7
Targets
-
-
Target
Wallet pass.exe
-
Size
1.3MB
-
MD5
21cbc38776a465e3bee495836a934a02
-
SHA1
b2f6acdae49a84632ef913aea33ccf9949de2338
-
SHA256
86f5b4f32c68f9337a19363da77d77b6275923da37d2e4144b8f0740620fd3ac
-
SHA512
8c725fb36de9400d24a8bac0fb5c96370faadce81e0d0c2173f594a5b0288712b1b63c3691566707be67f368cec6a0649bbdbbaa51dcebd3703e8aa9bc7022f2
-
SSDEEP
24576:nrB7SdV5WjDB/ncHlUP0jW62JC1HTK75FmfVcseNPwMv4:nqlnjW5QmPJv4
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-