General
Target: f9e5716e6b88e0fe3b07f1c7dfd6c6686cd4837e87bf1af0927142935cf536d4
Size: 268KB
Sample: 220913-jh25psaggk
MD5: 79059ecd19e38cf5bf87c5ef4f8dabdf
SHA1: 9a5e50df872f5ca83144c3404b2bffe148196cbf
SHA256: f9e5716e6b88e0fe3b07f1c7dfd6c6686cd4837e87bf1af0927142935cf536d4
SHA512: 57379a69ae8ffc0597d6d830ee02d00f2d430ed85734d1118796f33177c705613af44aa29b7d234b42098338d94d67039fcab605efe952efb937e05a76342cef
SSDEEP: 3072:7VCFOgY4GJwBjzHgclt8ALXyheF7XPJ++q9dxp0KtKwm+/VIT+GJax/5mnG/bvOm:8BjzAwZF9fqDz0KuCK+/5mnGT1V
Static task: static1
Behavioral task: behavioral1
Sample: f9e5716e6b88e0fe3b07f1c7dfd6c6686cd4837e87bf1af0927142935cf536d4.exe
Resource: win10-20220812-en
Malware Config
Extracted
Family: redline
Botnet: sep10as1
C2: 185.215.113.122:15386
auth_value: e45012eae57b2e57b34752fc802550c3
Extracted
Family: redline
Botnet: Lyla.11.09
C2: 185.215.113.216:21921
auth_value: a1e5192e588aa983d678ceb4d6e0d8b5
Targets
Target: f9e5716e6b88e0fe3b07f1c7dfd6c6686cd4837e87bf1af0927142935cf536d4
Size: 268KB
MD5: 79059ecd19e38cf5bf87c5ef4f8dabdf
SHA1: 9a5e50df872f5ca83144c3404b2bffe148196cbf
SHA256: f9e5716e6b88e0fe3b07f1c7dfd6c6686cd4837e87bf1af0927142935cf536d4
SHA512: 57379a69ae8ffc0597d6d830ee02d00f2d430ed85734d1118796f33177c705613af44aa29b7d234b42098338d94d67039fcab605efe952efb937e05a76342cef
SSDEEP: 3072:7VCFOgY4GJwBjzHgclt8ALXyheF7XPJ++q9dxp0KtKwm+/VIT+GJax/5mnG/bvOm:8BjzAwZF9fqDz0KuCK+/5mnGT1V
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext