General
- Target: file
- Size: 978KB
- Sample: 220908-vhxqrsfba2
- MD5: 89cdce67e7bb7d6d4c8545a2dca662de
- SHA1: 941ba84b77c822a49a72941d4395da7d00ee9890
- SHA256: 49f412c22d9944bbc1948cd41574d0856a12a7884600298ce129d1ffed5bf6dc
- SHA512: f302954fe3cfa6c92d1ff092711af3e47f72b702f966b4666088ab2ff7b8e35a12d35aed8c86de47c3c0403077266692624dd527652bad6f089ffff981da1c42
- SSDEEP: 12288:0x5dRIv/m+HQ1OtRjCfjkHVOb/tn+rZYnt+oxheMSnQZ6GolarvUPkgJ2TWI:KHINtHssr2VbepQQGoG41JuWI
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20220812-en
Malware Config
Extracted
- redline
- 2
- 79.110.62.196:26277
- auth_value: 1c0b2a7d9265a0bd7186c9687fe62c4e
Targets
- Target: file
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext