General
- Target: 186a92f25dbe48f0c288400de870b660f17889d2ec9eee67ddbee4c2f3e40364
- Size: 153KB
- Sample: 220926-vjteqsbdc7
- MD5: 697b2105b4052380ea3ca695acc42c79
- SHA1: 359d945b4afc9953e797b7861dbebe9e6bf10b40
- SHA256: 186a92f25dbe48f0c288400de870b660f17889d2ec9eee67ddbee4c2f3e40364
- SHA512: 28b199679e4022ec5d90923d4b129b9c47ed3deab382c23252b23c353abe50df5092d925af496eac264106e8bc051d24a510f2d1be6a8a1b0f832c285fe62f03
- SSDEEP: 3072:0GxzTjTc5S5utC0mK45muLR91BHr0v5B:hW40mKArz
Static task: static1
Behavioral task: behavioral1
- Sample: 186a92f25dbe48f0c288400de870b660f17889d2ec9eee67ddbee4c2f3e40364.exe
- Resource: win10-20220812-en
Malware Config
Extracted: redline
- LogsDiller Cloud (TG: @mr_golds)
- 77.73.134.27:7161
- auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
- inslab26
- 185.182.194.25:8251
- auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
Extracted: redline
- installskript
- 185.224.133.182:16382
- auth_value: f7f5626eb8e9e541c2d17255f9d8f755
Targets
- Target: 186a92f25dbe48f0c288400de870b660f17889d2ec9eee67ddbee4c2f3e40364
- Size: 153KB
- MD5: 697b2105b4052380ea3ca695acc42c79
- SHA1: 359d945b4afc9953e797b7861dbebe9e6bf10b40
- SHA256: 186a92f25dbe48f0c288400de870b660f17889d2ec9eee67ddbee4c2f3e40364
- SHA512: 28b199679e4022ec5d90923d4b129b9c47ed3deab382c23252b23c353abe50df5092d925af496eac264106e8bc051d24a510f2d1be6a8a1b0f832c285fe62f03
- SSDEEP: 3072:0GxzTjTc5S5utC0mK45muLR91BHr0v5B:hW40mKArz

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext