General
Target: 15c61bff122689fbca8f61c8cc3c77d54a7320a7427e9b098fec82233459884a
Size: 1.7MB
Sample: 221006-ln3drshbfp
MD5: 5f48f3eceef12e98821d2a26b0e039ce
SHA1: a98164df15415cfb0a22b7d8382f04914e5fef56
SHA256: 15c61bff122689fbca8f61c8cc3c77d54a7320a7427e9b098fec82233459884a
SHA512: cdc698888018581607cf14fc2d6e3b7bfcee8c4dd7bef7b6b895845190e11e5866f1d62709432f600cd6c9905d7c858d505f050616068e37b42524d6acd3ffde
SSDEEP: 49152:UooLvKAZwwT3zu3Ykuiy/OzsSuRw4hX02JZxH:UooL0wT3dcmG2JTH
Static task: static1
Behavioral task: behavioral1
Sample: 15c61bff122689fbca8f61c8cc3c77d54a7320a7427e9b098fec82233459884a.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
@moriwWs
litrazalilibe.xyz:81
auth_value: c2f987b4e6cd55ad1315311e92563eca
Extracted
redline
185.186.142.127:17355
auth_value: 2d7be1ed915f7e5f91af0977d4175cb7
Extracted
redline
h
185.106.92.139:16578
auth_value: d5aafe5ab67bae4a3f7cda3b2e30f9b7
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext