General
-
Target
705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
-
Size
224KB
-
Sample
221023-hfkbfahacq
-
MD5
bfed0c169bf6f00495da2e6de9fd87e5
-
SHA1
1dca4747cea1b6b37979a905bddeec8259e5f398
-
SHA256
705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
-
SHA512
6aab3d4f00c1d06c7707e2e44ee6b1ea8e7b77cf19676d0cae94cb674163d0af916cbf39134b3699aa6e5e21e5ff4f75412b719bffd36328422b7091dffb3e79
-
SSDEEP
3072:mXVjEB2LP/U9nMwnZ5LcQHdp1w3UjbSJYHsXnTK8K2cP1/8:O1EB2LXWnXnUj6SGHU+q
Static task
static1
Behavioral task
behavioral1
Sample
705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af.exe
Resource
win10-20220901-en
Malware Config
Extracted
redline
nam7
103.89.90.61:34589
-
auth_value
533c8fbdab4382453812c73ea2cee5b8
Extracted
redline
Google2
167.235.71.14:20469
-
auth_value
fb274d9691235ba015830da570a13578
Extracted
redline
slovarikinstalls
78.153.144.3:2510
-
auth_value
5f80b2ec82e3bd02a08a3a55d3180551
Extracted
redline
Newe
89.208.106.66:4691
-
auth_value
e7141b98243e53ec71dadf6344aff038
Targets
-
-
Target
705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
-
Size
224KB
-
MD5
bfed0c169bf6f00495da2e6de9fd87e5
-
SHA1
1dca4747cea1b6b37979a905bddeec8259e5f398
-
SHA256
705c06d1436bef370d7f66c10e397d41247a2c8aa3c330ada91492e9e1a0e1af
-
SHA512
6aab3d4f00c1d06c7707e2e44ee6b1ea8e7b77cf19676d0cae94cb674163d0af916cbf39134b3699aa6e5e21e5ff4f75412b719bffd36328422b7091dffb3e79
-
SSDEEP
3072:mXVjEB2LP/U9nMwnZ5LcQHdp1w3UjbSJYHsXnTK8K2cP1/8:O1EB2LXWnXnUj6SGHU+q
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-