General
Target: d23377638cab0ee29ab55a5312279c32.exe
Size: 1.9MB
Sample: 220412-sgqjyscggm
MD5: d23377638cab0ee29ab55a5312279c32
SHA1: c97a094fb56509a79cdec0a56a5099d77aadd7a5
SHA256: 148607dfd0bbe0d5b58268c6bd252a2cdbd2271e4f1b43138eb7de47eb51bf65
SHA512: e4eddf8407bb96b1916e6a32376ec6950dfa822d36519ad8cab03ac57a391bd49d61b003ce261eccabba0bbf73788e77739bf8426b95a6adc306a1311f8a7004
Static task: static1
Behavioral task: behavioral1 (sample d23377638cab0ee29ab55a5312279c32.exe, resource win7-20220331-en)
Behavioral task: behavioral2 (sample d23377638cab0ee29ab55a5312279c32.exe, resource win10v2004-en-20220113)
Malware Config
Extracted family: redline
Botnet/campaign ID: @ansdvsvsvd
C2: 46.8.220.88:65531
auth_value: d7b874c6650abbcb219b4f56f4676fee
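As an added example (not part of the sandbox report), the following Python turns the digests and the extracted RedLine configuration above into a small offline detection pass: it sanity-checks the copied digests, hashes arbitrary file bytes against the report, and runs the C2 and hash indicators over firewall and EDR log lines. The log lines, hostnames and internal addresses are constructed for illustration; only the C2 address, botnet ID, auth_value and digests come from the report.

```python
"""Offline IOC check built from this report's hashes and RedLine config.

Added example, not part of the sandbox report.  The C2 address, botnet ID,
auth_value and digests are copied from the report; every log line below is
constructed for illustration and does not come from a real environment.
"""
import hashlib
import re

# --- Indicators copied from the report -------------------------------------
C2_HOST = "46.8.220.88"
C2_PORT = 65531
# Kept for pivoting: another sample carrying the same botnet tag or
# auth_value is very likely the same operator build.
BOTNET_ID = "@ansdvsvsvd"
AUTH_VALUE = "d7b874c6650abbcb219b4f56f4676fee"
HASHES = {
    "md5": "d23377638cab0ee29ab55a5312279c32",
    "sha1": "c97a094fb56509a79cdec0a56a5099d77aadd7a5",
    "sha256": "148607dfd0bbe0d5b58268c6bd252a2cdbd2271e4f1b43138eb7de47eb51bf65",
    "sha512": ("e4eddf8407bb96b1916e6a32376ec6950dfa822d36519ad8cab03ac57a391bd4"
               "9d61b003ce261eccabba0bbf73788e77739bf8426b95a6adc306a1311f8a7004"),
}
EXPECTED_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_format_problems(hashes=HASHES):
    """Return the algorithms whose digest is not lowercase hex of the right length.
    Catches the usual copy/paste damage (truncation, stray whitespace, uppercase)
    before an indicator is pushed to a blocklist."""
    return [algo for algo, digest in hashes.items()
            if len(digest) != EXPECTED_HEX_LEN[algo]
            or re.fullmatch(r"[0-9a-f]+", digest) is None]


def digests(data):
    """Compute the same four digests the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASHES}


def matches_report(data):
    """True if the bytes are the sample described in this report.  SHA256 is
    sufficient; the other digests are only there for cross-referencing."""
    return digests(data)["sha256"] == HASHES["sha256"]


# --- Constructed firewall log (key=value, one connection per line) ----------
SAMPLE_NETWORK_LOG = """\
2022-04-12T15:10:03Z src=10.0.0.5 dst=46.8.220.88 dport=65531 proto=tcp action=allow
2022-04-12T15:10:04Z src=10.0.0.5 dst=142.250.74.78 dport=443 proto=tcp action=allow
2022-04-12T15:12:41Z src=10.0.0.9 dst=46.8.220.88 dport=65531 proto=tcp action=deny
2022-04-12T15:13:00Z src=10.0.0.9 dst=46.8.220.88 dport=443 proto=tcp action=allow
"""
NET_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def match_network_log(text):
    """Flag every connection to the C2 host.  The port is recorded separately:
    operators can move the listener, so the IP alone is the indicator and a
    port match only raises confidence.  A denied connection is still a hit,
    because the client that tried it is infected."""
    hits = []
    for line in text.splitlines():
        m = NET_RE.match(line)
        if m and m["dst"] == C2_HOST:
            hits.append({"ts": m["ts"], "src": m["src"],
                         "port_match": int(m["dport"]) == C2_PORT})
    return hits


# --- Constructed EDR events: any digest field, mixed case -------------------
SAMPLE_FILE_EVENTS = """\
host=WS01 event=process_create image=C:\\Users\\a\\Downloads\\setup.exe sha256=148607dfd0bbe0d5b58268c6bd252a2cdbd2271e4f1b43138eb7de47eb51bf65
host=WS02 event=process_create image=C:\\Windows\\System32\\svchost.exe sha256=0000000000000000000000000000000000000000000000000000000000000000
host=WS03 event=file_write image=C:\\Users\\b\\AppData\\Local\\Temp\\x.exe md5=D23377638CAB0EE29AB55A5312279C32
"""
HASH_RE = re.compile(r"\b(md5|sha1|sha256|sha512)=([0-9a-fA-F]+)")


def match_file_events(text):
    """Match any digest field against the report, case-insensitively, since
    EDR exports often upper-case hashes while sandbox reports lower-case them."""
    hits = []
    for line in text.splitlines():
        host = re.search(r"host=(\S+)", line)
        for algo, digest in HASH_RE.findall(line):
            if HASHES[algo] == digest.lower():
                hits.append({"host": host.group(1) if host else None, "algo": algo})
    return hits


if __name__ == "__main__":
    print("digest format problems:", hash_format_problems())
    print("C2 connections:", match_network_log(SAMPLE_NETWORK_LOG))
    print("known-bad files:", match_file_events(SAMPLE_FILE_EVENTS))
```

Running the block as a script prints no format problems for the report's digests, three connections to 46.8.220.88 (two on port 65531, one on 443 from the same host, which is still worth a look), and two known-bad file events (one matched by SHA256, one by an upper-cased MD5). Point `matches_report()` at the bytes of a file you pulled from a host to confirm it is this exact sample before relying on the behaviour described below.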
Targets
Target: d23377638cab0ee29ab55a5312279c32.exe (1.9MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C# (.NET), first appearing in early 2020. It harvests browser credentials, cookies and cryptocurrency wallet data and reports to a C2 address embedded in the sample's configuration (here 46.8.220.88:65531).

Signatures
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Drops file in System32 directory
- Suspicious use of SetThreadContext (commonly seen when a loader writes the payload into another process and redirects its main thread, i.e. process hollowing)