General
Target: 409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe
Size: 1.2MB
Sample: 220514-se1bdacgcn
MD5: c52e23f559f027c6af598ff0a4c3497d
SHA1: 0e6de0682ae5d89a6530a6c6e03054f5aaeb0662
SHA256: 409a345a063f2fc853b7b45c060970231d9fdc6b453444ae855b7fda4be50021
SHA512: 802159c0fa6034dfc4278ee470aef46a52947006b007ae6a90391377d6c9b3774c999c30ab8d62a10869bf4d459736da4b70ce97d7771bf849effff7714e6428

Static task: static1

Behavioral task: behavioral1
Sample: 409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted: redline
test1
23.88.112.179:19536
auth_value: 68c6114f4d4c471ad88677f54e75676f
Targets
Target: 409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe
Size: 1.2MB
MD5: c52e23f559f027c6af598ff0a4c3497d
SHA1: 0e6de0682ae5d89a6530a6c6e03054f5aaeb0662
SHA256: 409a345a063f2fc853b7b45c060970231d9fdc6b453444ae855b7fda4be50021
SHA512: 802159c0fa6034dfc4278ee470aef46a52947006b007ae6a90391377d6c9b3774c999c30ab8d62a10869bf4d459736da4b70ce97d7771bf849effff7714e6428
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext