General
- Target: 0b757d38d347d1f763f59ab7f0423ae8.exe
- Size: 406KB
- Sample: 220605-h9h1gahaa4
- MD5: 0b757d38d347d1f763f59ab7f0423ae8
- SHA1: fcf1b343ab5c7f9ac72fc6c85b3c478c5875f577
- SHA256: 2105710d19c34b91be3a37c24ab4a4835dcdc606c0f2d8b487beb0d24e336124
- SHA512: 0b9661590897256242ddc4ea43d069999e1ddca9d7fed671a6aa31a60f0da4bd820b8bb6c2502fa1b7979dea932375e2363e882e31379935751af1cdf2ce7d94
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0b757d38d347d1f763f59ab7f0423ae8.exe
  - Resource: win7-20220414-en
Behavioral task
- behavioral2
  - Sample: 0b757d38d347d1f763f59ab7f0423ae8.exe
  - Resource: win10v2004-20220414-en
Malware Config
Extracted
- redline
- X
- 194.127.179.35:35180
- auth_value: 76e43cff05002e5f6e3334fa7946e404
Targets
- Target: 0b757d38d347d1f763f59ab7f0423ae8.exe
- Size: 406KB
- MD5: 0b757d38d347d1f763f59ab7f0423ae8
- SHA1: fcf1b343ab5c7f9ac72fc6c85b3c478c5875f577
- SHA256: 2105710d19c34b91be3a37c24ab4a4835dcdc606c0f2d8b487beb0d24e336124
- SHA512: 0b9661590897256242ddc4ea43d069999e1ddca9d7fed671a6aa31a60f0da4bd820b8bb6c2502fa1b7979dea932375e2363e882e31379935751af1cdf2ce7d94
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext