General
-
Target
AdobeCreativeCloud.zip
-
Size
4.9MB
-
Sample
221017-rkyjascbhr
-
MD5
74aac0ca40217384ef97bd108792e433
-
SHA1
443663fcc2e18939d9ff76781f280d78fdcc116e
-
SHA256
fde51614f4bf3e2868d946210ac8865212592f7b825c9f1de17b57e2436d5248
-
SHA512
08deca3fde3a6e524786c5d6bda8a465ddae593272652a971bb0540b0605e36c462f7e24e7a20eed158d807c73e1690f17ab65030d0e561badf354cfcde4bbd4
-
SSDEEP
98304:mVqu6w8moaqcdYWThRvVqrW+0+ZkUEeEYdLaCJx:mMu6weDfSdEWmksJx
Malware Config
Extracted
redline
YouTube
95.216.170.17:29995
-
auth_value
2d03f5a28df3f566b9d6e7ed9576a2d2
Targets
-
-
Target
AdobeCreativeCloud/Adobe Creative Cloud.exe
-
Size
700.0MB
-
MD5
52a73dc972a6a4d6a13fb82ebc0e84b9
-
SHA1
447da1625653eb47b49727a8ec7f8824ecf727ee
-
SHA256
99ab4b8f0424304fb0e31f5605e4312f6dde70a8196a82df24ad3a6b0e78bed8
-
SHA512
6386580a1617ea5aa4b029081c822d3e3ed9d0814c3e1ff4033415bc9b037ba80faed09fa85cc12d24d63f744879670ad41637175fc686b505896845a8942738
-
SSDEEP
49152:I5cDSJcN4EowL1rvVqh5p+INlaVLWvs+1knum4gYdQXyp46gDwv/HnS:IaAcN4EL1rvVqhmiE+1kum4gYd5e+a
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-