General
Target: Install.EXE
Size: 1.3MB
Sample: 210713-9ptm893yfs
MD5: eadac911eb5d946a0dbb7ac77887abfc
SHA1: 0d20d32fc2bcf8663af5a140179e95364ac48543
SHA256: 261923e2c95ef441a2f1f8e62572b57ed774b249db4d7a24ea06690e68fe381f
SHA512: 40648c500c7659f9213e8687f8b2bc1c61970dfb2b7a4444588c93d2a858c388f1975fc5045054047b6b75357d14f6c86dcfe128fc0615efd748eee61f646f81
Static task: static1

Behavioral task: behavioral1
Sample: Install.EXE
Resource: win7v20210410

Behavioral task: behavioral2
Sample: Install.EXE
Resource: win10v20210408
Malware Config
Extracted
redline
Build1
45.142.213.135:30058
Targets
Target: Install.EXE
Size: 1.3MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext