General
Target: 99ef3dc9e708cb30d6d7b6c820a3ba531f6df1c80850394c69c1fdd82629fb4b
Size: 529KB
Sample: 211211-pbbl3abda3
MD5: 69b0537aa7c938d286c62da1aa9565a7
SHA1: b6346d3e607b1b14f33422856dc0fc6ad9315041
SHA256: 99ef3dc9e708cb30d6d7b6c820a3ba531f6df1c80850394c69c1fdd82629fb4b
SHA512: bda8565e1c8655cefcc3fb82bee676999625c065f86be475e6461be30a7fe07f58fce43f41fc816d9fe4607ec73963c38a0c87df5ce05e3d138d64e1d0404fb6
Static task: static1
Malware Config
Extracted
redline
777
93.115.20.139:28978
Targets
Target: 99ef3dc9e708cb30d6d7b6c820a3ba531f6df1c80850394c69c1fdd82629fb4b (size and hashes as listed under General)
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext