General
Target: 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
Size: 6.7MB
Sample: 220912-qa6w9adce2
MD5: 9be5cf1bbb2988a7640df60a2b7edd9b
SHA1: f85aa6023e9e8924c0a28bcc57eb8e46a15f55f6
SHA256: 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
SHA512: cdea910ca926ca9d61cc45bd33944971e7730ed1d9ec79780b1b590141ea311b3f83bd74aa90f6b5685f1f39be0d42becdc1a4acf32a90a64f9f00536f27ffcf
SSDEEP: 98304:wy8QRWJDL97ATr3/pszj03/e+4znAqzIXAZgkLG9xBPr3ZZMnPmCmlim5FROc/L:p5on9GBiAqcwZDG9PpZMOCHi5L
Static task: static1
Behavioral task: behavioral1
Sample: 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734.exe
Resource: win10-20220901-en (Windows 10 sandbox image, English locale)
Malware Config
Extracted
Family: redline
Botnet ID: 3108_RUZKI
C2: 213.219.247.199:9452
Attributes
auth_value: f71fed1cd094e4e1eb7ad1c53e542bca
The C2 is a bare IP:port with no domain, so the direct network indicator is that socket pair (and, more weakly, any traffic to that host); the botnet ID and auth_value identify the build and authorize it to the C2.
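The extracted config is only useful once it is turned into something that runs against your own telemetry. The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses the label-less "Extracted" block as it appears on this page (family, botnet ID, one or more host:port C2 entries, then attribute name/value pairs), validates the C2 address, emits a Suricata rule per C2 socket, and flags hits in constructed Zeek conn.log-style records. The log lines, the column layout, and the sid base are assumptions made for the example.

```python
"""Turn a sandbox config extraction into network IOCs and check logs against them."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed copy of the flattened "Malware Config" block from this report.
# The values are the ones the report lists; the layout mimics the page.
REPORT_CONFIG_TEXT = """Malware Config
Extracted
redline
3108_RUZKI
213.219.247.199:9452
-
auth_value
f71fed1cd094e4e1eb7ad1c53e542bca
"""

# Constructed Zeek conn.log-style records (assumption: tab-separated
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
SAMPLE_CONN_LOG = """1663000000.1\tCabc1\t10.0.0.5\t49731\t213.219.247.199\t9452\ttcp
1663000001.2\tCabc2\t10.0.0.5\t49732\t142.250.74.46\t443\ttcp
1663000002.3\tCabc3\t10.0.0.7\t49810\t213.219.247.199\t80\ttcp
"""


@dataclass
class RedLineConfig:
    family: str
    botnet: str
    c2: list                      # list of (ip, port) tuples
    attributes: dict = field(default_factory=dict)


_HOSTPORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_config(text: str) -> RedLineConfig:
    """Parse the label-less Extracted block: family, botnet ID, then one or
    more host:port C2 entries, then attribute name/value pairs."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]   # drop page separators
    if "Extracted" not in lines:
        raise ValueError("no Extracted block in text")
    body = lines[lines.index("Extracted") + 1:]
    if len(body) < 3:
        raise ValueError("Extracted block too short")
    family, botnet = body[0], body[1]
    c2, i = [], 2
    while i < len(body) and (m := _HOSTPORT.match(body[i])):
        ip = ipaddress.ip_address(m.group(1))          # rejects bogus octets
        port = int(m.group(2))
        if not 0 < port <= 65535:
            raise ValueError(f"bad port in C2 entry {body[i]!r}")
        c2.append((str(ip), port))
        i += 1
    if not c2:
        raise ValueError("no C2 host:port entries found")
    attrs = dict(zip(body[i::2], body[i + 1::2]))      # name/value pairs
    return RedLineConfig(family, botnet, c2, attrs)


def suricata_rules(cfg: RedLineConfig, sid_base: int = 9000001) -> list:
    """One alert rule per C2 socket; sid_base is an arbitrary local range."""
    return [
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"{cfg.family} C2 {cfg.botnet}"; flow:to_server; '
        f'classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, (ip, port) in enumerate(cfg.c2)
    ]


def match_connections(cfg: RedLineConfig, conn_log: str,
                      same_host_any_port: bool = True) -> list:
    """Return (uid, reason) for each record that touches a C2. An exact ip:port
    hit is a strong indicator; the same host on another port is flagged weaker,
    since operators move ports between builds."""
    exact = set(cfg.c2)
    hosts = {ip for ip, _ in cfg.c2}
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7:
            continue
        uid, resp_h, resp_p = f[1], f[4], int(f[5])
        if (resp_h, resp_p) in exact:
            hits.append((uid, "c2_exact"))
        elif same_host_any_port and resp_h in hosts:
            hits.append((uid, "c2_host"))
    return hits


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG_TEXT)
    print(cfg)
    print("\n".join(suricata_rules(cfg)))
    print(match_connections(cfg, SAMPLE_CONN_LOG))
```

The weaker `c2_host` match is deliberate: RedLine panels are often reused across builds with a different port, so a host-only hit is worth a look even when the socket pair does not match the extracted config exactly.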
Targets
Target: 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
Size: 6.7MB
MD5: 9be5cf1bbb2988a7640df60a2b7edd9b
SHA1: f85aa6023e9e8924c0a28bcc57eb8e46a15f55f6
SHA256: 22c1d53ffde980544a2e044ff44fa8716da3a05a4ba54c1197432645d4c6b734
SHA512: cdea910ca926ca9d61cc45bd33944971e7730ed1d9ec79780b1b590141ea311b3f83bd74aa90f6b5685f1f39be0d42becdc1a4acf32a90a64f9f00536f27ffcf
SSDEEP: 98304:wy8QRWJDL97ATr3/pszj03/e+4znAqzIXAZgkLG9xBPr3ZZMnPmCmlim5FROc/L:p5on9GBiAqcwZDG9PpZMOCHi5L
Signatures
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET) that first appeared in early 2020. Its hard-coded configuration carries the C2 address, a botnet/build ID and an authorization value; the values recovered from this sample are listed under Malware Config above.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
Suspicious use of SetThreadContext
SetThreadContext called on a thread belonging to another process, typically one the loader created suspended, is characteristic of process hollowing: the loader writes its payload into the target, repoints the thread's entry point and then resumes it, so the stealer runs under a legitimate process name.