General
-
Target
file.exe
-
Size
714KB
-
Sample
220928-qlm9aagaa7
-
MD5
086fe35804c1c397aa0c338f4ba5b485
-
SHA1
72fb0c1301676f43269dafdd9a0b878d7b6bad97
-
SHA256
de53e9a94cf357293dc9fe81b8ddb4d2e42208db9ef231e9a8ba15987ebc79d2
-
SHA512
790b287fce52834927a46b77bb2164f2618151b269a0426019cfaf3430539fc3a6a6fc147bd982583a0724988d483a0f2b2d9d213e68ff1dee56630160a8e897
-
SSDEEP
6144:85+YWbsYeOEg71Qx7RFLnlYIbNJ/XeSd16EDXW8jOD/gSXgqA6/lkw3RRNxNjfOK:Q6breOEg71C3NB9W77gSXNWwp
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
nam6.5
103.89.90.61:34589
-
auth_value
ea8cbb51ed8a91dcbe95697e8bb9a9d7
Targets
-
-
Target
file.exe
-
Size
714KB
-
MD5
086fe35804c1c397aa0c338f4ba5b485
-
SHA1
72fb0c1301676f43269dafdd9a0b878d7b6bad97
-
SHA256
de53e9a94cf357293dc9fe81b8ddb4d2e42208db9ef231e9a8ba15987ebc79d2
-
SHA512
790b287fce52834927a46b77bb2164f2618151b269a0426019cfaf3430539fc3a6a6fc147bd982583a0724988d483a0f2b2d9d213e68ff1dee56630160a8e897
-
SSDEEP
6144:85+YWbsYeOEg71Qx7RFLnlYIbNJ/XeSd16EDXW8jOD/gSXgqA6/lkw3RRNxNjfOK:Q6breOEg71C3NB9W77gSXNWwp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-