General
- Target: 5229f4d7ccb40a8c71606a72bc43b8a4fb1855a27c57314871e9c164b4a50484
- Size: 5.4MB
- Sample: 221002-17s2rseeem
- MD5: ba60e23ac2a9c0b2cd5e7bae7ad5049a
- SHA1: 359aee0cb29012f0ed373b30383d7e26df710fdc
- SHA256: 5229f4d7ccb40a8c71606a72bc43b8a4fb1855a27c57314871e9c164b4a50484
- SHA512: a9f14fadd3b7d84dc9e4a90eab2704a6776b3563976d9de767184c9d323776781edbe2ac1f9077cd77860f86744772a79fc7b0106000b4ba94e03d9d9ffa45ca
- SSDEEP: 49152:2PFJCvLqOaSTK5ISawpVpVliC8TkxZyh5u4P0zg7vrctB/irpXoXPpS:2PFsjqOaSFUzyPvcj/PA
Static task: static1
Behavioral task: behavioral1
Sample: 5229f4d7ccb40a8c71606a72bc43b8a4fb1855a27c57314871e9c164b4a50484.exe
Resource: win7-20220901-en
Malware Config
Extracted: redline
- JOKER
- 185.215.113.217:19618
- auth_value: fbdd1ed5d25f3ea0234594f3484c633d
Targets
- Target: 5229f4d7ccb40a8c71606a72bc43b8a4fb1855a27c57314871e9c164b4a50484
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext