General
-
Target
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
Size
198KB
-
Sample
221008-vy9p9sfbhm
-
MD5
9d33aced5a2ee1a182f95a804cc33f36
-
SHA1
6d086a4abd9ffe8ff5e48dc64b4e7dbddcac30b1
-
SHA256
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
SHA512
6ea26f547a5470cd5300f92f6c71e43c3d0adc7855dc4ef45631f0745471b616cdee4126ffe79acd12720d3d3afabd450df43691dfeb6c2ef011d7cf0196f847
-
SSDEEP
1536:jrae78zjORCDGwfdCSog01313Ns5gRC5gGm+qc:JahKyd2n3165+UHh
Static task
static1
Behavioral task
behavioral1
Sample
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
Nigh
80.66.87.20:80
-
auth_value
dab8506635d1dc134af4ebaedf4404eb
Targets
-
-
Target
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
Size
198KB
-
MD5
9d33aced5a2ee1a182f95a804cc33f36
-
SHA1
6d086a4abd9ffe8ff5e48dc64b4e7dbddcac30b1
-
SHA256
932536b82f2cfdf2cc26698715b96844cf597170d7110ae80674122a9a647891
-
SHA512
6ea26f547a5470cd5300f92f6c71e43c3d0adc7855dc4ef45631f0745471b616cdee4126ffe79acd12720d3d3afabd450df43691dfeb6c2ef011d7cf0196f847
-
SSDEEP
1536:jrae78zjORCDGwfdCSog01313Ns5gRC5gGm+qc:JahKyd2n3165+UHh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-