General
-
Target
ce3ae31e260c8f7d8b871d051fc1c8b63603d9301d04c25263caf0d10b261dab
-
Size
1.7MB
-
Sample
220706-kz3cgachc5
-
MD5
01b90f050d9242430717a82ffa3f525b
-
SHA1
044bdbc3fc51ef4227004554878ceefe91d28678
-
SHA256
ce3ae31e260c8f7d8b871d051fc1c8b63603d9301d04c25263caf0d10b261dab
-
SHA512
6c26124aabd87f60fe026ac994abf5ca11c80ab5c29df654d702489b2bca71823991c640a974903869f5c09b9017e47ca53b59cf77565b46584e7806ec3b6b5a
Static task
static1
Malware Config
Extracted
redline
1
185.215.113.75:81
-
auth_value
2682d723acbf6debf09e4b76df8a5543
Targets
-
-
Target
ce3ae31e260c8f7d8b871d051fc1c8b63603d9301d04c25263caf0d10b261dab
-
Size
1.7MB
-
MD5
01b90f050d9242430717a82ffa3f525b
-
SHA1
044bdbc3fc51ef4227004554878ceefe91d28678
-
SHA256
ce3ae31e260c8f7d8b871d051fc1c8b63603d9301d04c25263caf0d10b261dab
-
SHA512
6c26124aabd87f60fe026ac994abf5ca11c80ab5c29df654d702489b2bca71823991c640a974903869f5c09b9017e47ca53b59cf77565b46584e7806ec3b6b5a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-