General
Target: file.exe
Size: 7.5MB
Sample: 220912-jm4t4agegk
MD5: 698f860a3387c43630ce6db9ed23186c
SHA1: 7c7ef967c36b7be7f3ddfd4a17983e7d87f5abf0
SHA256: 26cdbe0f7546a9e3468ce796f238e0eef396ff81b1490953bdc58aba76d88236
SHA512: 626917073db8c105c1ec5230eb8870e62212613cd8002a6ae10e3ed2ca23f26deb891aaded8f727ba37d8cfc98926d7f5c01f6d7623ac08b1bfe58864ed2dada
SSDEEP: 196608:MK5w/YJIYf/0jjquBMakyrDQf8UBGo6p1sKKtYnA:MeIYJZ0fbMgQ0U8omsFtYnA
Static task: static1
Behavioral task: behavioral1
  Sample: file.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: file.exe
  Resource: win10v2004-20220901-en
Malware Config
Extracted: redline
3108_RUZKI
213.219.247.199:9452
auth_value: f71fed1cd094e4e1eb7ad1c53e542bca
Targets
Target: file.exe, 7.5MB (hashes identical to those listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext