General
- Target: ae6f0c0fe56e85208fe19a5f53a4428f.exe
- Size: 25KB
- Sample: 220701-xcwmmaaeel
- MD5: ae6f0c0fe56e85208fe19a5f53a4428f
- SHA1: c6d3f1e68e521a777dd2d0867a1ec5688cbb1e9b
- SHA256: b1ff973149ab82f4a9cba506154e0604e3561a323c57bff5a0ac46c67a060c7d
- SHA512: ba4b38913b241aedd392cfe98ae8de459fd21d7cf25ca639ef08acb455e338771f276212513732d5c2bc3f57a0a371e7f19b7372f1fbc510f7e2f2aa1af2b026
Static task: static1
Behavioral task: behavioral1
- Sample: ae6f0c0fe56e85208fe19a5f53a4428f.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: ae6f0c0fe56e85208fe19a5f53a4428f.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted
redline
build
172.93.213.137:7525
Targets
- Target: ae6f0c0fe56e85208fe19a5f53a4428f.exe
- Size: 25KB
- MD5: ae6f0c0fe56e85208fe19a5f53a4428f
- SHA1: c6d3f1e68e521a777dd2d0867a1ec5688cbb1e9b
- SHA256: b1ff973149ab82f4a9cba506154e0604e3561a323c57bff5a0ac46c67a060c7d
- SHA512: ba4b38913b241aedd392cfe98ae8de459fd21d7cf25ca639ef08acb455e338771f276212513732d5c2bc3f57a0a371e7f19b7372f1fbc510f7e2f2aa1af2b026
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext