General
Target: f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984
Size: 130KB
Sample: 220926-x82hrabha7
MD5: 093abfcf0894a6d848487e82a0f6cb62
SHA1: 3716856c02d48f6327a0565db0840fbf3e6f2c21
SHA256: f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984
SHA512: 811e351cfa8264967e285a2fa6687aed8dee9eeebcdc2d725745e64114200ede60d352cd8ff10e2d119b2b8593aa36f06186b6e897718563116dd1cce9939251
SSDEEP: 3072:k1FdT55WN7RSCjbL/xJ40/3Bayju97T6w5B:5WCjbL5J40/xXV
Static task: static1
Behavioral task: behavioral1
Sample: f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
inslab26
185.182.194.25:8251
auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b
Extracted: redline
LogsDiller Cloud (TG: @mr_golds)
77.73.134.27:7161
auth_value: 4b2de03af6b6ac513ac597c2e6c1ad51
Extracted: redline
@au72921
77.73.133.19:31892
auth_value: 10dbc10867b54edc79b224c256a6dc5a
Targets
Target: f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984
Size: 130KB
MD5: 093abfcf0894a6d848487e82a0f6cb62
SHA1: 3716856c02d48f6327a0565db0840fbf3e6f2c21
SHA256: f25086a4bc3253035f355d0acfc513c8fb978d954c48de383427005c65174984
SHA512: 811e351cfa8264967e285a2fa6687aed8dee9eeebcdc2d725745e64114200ede60d352cd8ff10e2d119b2b8593aa36f06186b6e897718563116dd1cce9939251
SSDEEP: 3072:k1FdT55WN7RSCjbL/xJ40/3Bayju97T6w5B:5WCjbL5J40/xXV
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext