General
-
Target
5bd89f22193f6b9f30286ecff6eed072.exe
-
Size
352KB
-
Sample
221027-ecep1aaecr
-
MD5
5bd89f22193f6b9f30286ecff6eed072
-
SHA1
e14935e400d03526d972c5f3948ad718e7155525
-
SHA256
35c45ea469ba26fe2b6d8dfc626006070a5b27378c060b1c7e38edb94a26490c
-
SHA512
30d839455a216fba71f1ec1c9448ed954bcbad9a8592a093ee0968da93ad93cfb865b3d6e8cbb6b9cb40fd9fac1c764339779844f49894728a4afc5814347e37
-
SSDEEP
6144:uVg7Y+ceBD+MMkUZhMQN4HqeZnCm0AOAx+32jG4WNC9uFVzj3kSFRdh:u+Y+ceBD+DLhJtZOXtuXkSHdh
Static task
static1
Behavioral task
behavioral1
Sample
5bd89f22193f6b9f30286ecff6eed072.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
193.164.16.192:47029
-
auth_value
cbdeb17735c6f7affad6a080e4be73a8
Extracted
vidar
55.2
1707
https://t.me/slivetalks
https://c.im/@xinibin420
-
profile_id
1707
Targets
-
-
Target
5bd89f22193f6b9f30286ecff6eed072.exe
-
Size
352KB
-
MD5
5bd89f22193f6b9f30286ecff6eed072
-
SHA1
e14935e400d03526d972c5f3948ad718e7155525
-
SHA256
35c45ea469ba26fe2b6d8dfc626006070a5b27378c060b1c7e38edb94a26490c
-
SHA512
30d839455a216fba71f1ec1c9448ed954bcbad9a8592a093ee0968da93ad93cfb865b3d6e8cbb6b9cb40fd9fac1c764339779844f49894728a4afc5814347e37
-
SSDEEP
6144:uVg7Y+ceBD+MMkUZhMQN4HqeZnCm0AOAx+32jG4WNC9uFVzj3kSFRdh:u+Y+ceBD+DLhJtZOXtuXkSHdh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-