General

Target: tmp
Size: 2.4MB
Sample: 220419-2l5zwaffe3
MD5: d3fa25cd32ce80a0ceadd3fd558a937e
SHA1: 97bcc54787d0be7c7a763c115013f4a21d5b6141
SHA256: b91b53a5da645167538324aa1c374ce74cd2eda98158015c70f8283aeaf12176
SHA512: 739e87620be35b06bc610a49b0fe781e5deba1938757cc0ca8f28071bac8c14119e85574344b632ab7833580d2a5499129f99ff61638f6307bd9bee2de86ba41

Static task: static1

Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220414-en

Malware Config

Extracted (redline):
  install
  193.150.103.38:40169
  auth_value: 7b121606198c8456e17d49ab8c2d0e42
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.