General
- Target: 0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a
- Size: 129KB
- Sample: 220926-1g731acae5
- MD5: dee926d270f9fafad58ac3b23556c6c8
- SHA1: 4bf63b928e7e921cb872fd9037fc2e52d73ad7d9
- SHA256: 0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a
- SHA512: 63334c471cb558e7f1c828911d36814c8bc155396ea00c56b09283f1c6c379e16fbb40b3025b837fab61521abfa74abee4b27c10feb28d4b2631ce3afa4df7cf
- SSDEEP: 3072:2o8gydZjcJUhT55WW/wUXlQ1pCkhqWTAA4G18uA4gAvx15B:2eojc2N/wXH7BTx4G17AK
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a.exe
- Resource: win10-20220812-en
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @mr_golds)
- 77.73.134.27:7161
- auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
- inslab26
- 185.182.194.25:8251
- auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext