General
- Target: file
- Size: 3.5MB
- Sample: 220825-mtys7sbfgj
- MD5: b89f19722b9314be39b045c6f86315e6
- SHA1: ae44eccd47ac5e60ae32c201a09f4c79eb7ed688
- SHA256: ab0e35830bdaf3502d037d059b50f1e10c8283f5300565d6fb311d0827ac6ae8
- SHA512: 92ad1fc392282dbd84799db94d068ad72edb0fef71ae9a49965bff61d93badcac4234458e90ceec65afb867d1ceafea0447091eae284d605b544086667974019
- SSDEEP: 3072:mo/4QDwwMDrOIOTV5wGvySOEIEVpIhkEJ/mJNlV/f76ebIvq57vJyBvlBD9YEnH2:CFCmq1UEw1+

Static task
- static1

Behavioral task
- behavioral1
- Sample: file.exe
- Resource: win7-20220812-en

Malware Config
Extracted: redline
- nam6.2
- 103.89.90.61:34589
- auth_value: 2276f4d8810e679413659a9576a6cdf4
Targets
- Target: file
- Size: 3.5MB
- MD5: b89f19722b9314be39b045c6f86315e6
- SHA1: ae44eccd47ac5e60ae32c201a09f4c79eb7ed688
- SHA256: ab0e35830bdaf3502d037d059b50f1e10c8283f5300565d6fb311d0827ac6ae8
- SHA512: 92ad1fc392282dbd84799db94d068ad72edb0fef71ae9a49965bff61d93badcac4234458e90ceec65afb867d1ceafea0447091eae284d605b544086667974019
- SSDEEP: 3072:mo/4QDwwMDrOIOTV5wGvySOEIEVpIhkEJ/mJNlV/f76ebIvq57vJyBvlBD9YEnH2:CFCmq1UEw1+
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext