General
- Target: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
- Size: 385KB
- Sample: 221121-shda1seg87
- MD5: 55b1fd7484074158f9e9e8f657ec5a94
- SHA1: 6988125039cbf77b4ff06fa75fa56975004d3333
- SHA256: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
- SHA512: a7b292cc74578308b4c3d129809119a96c6522185e05ddaefb294ae6636894a145383140d23b1d3217f300ee63646d6f185fdb02dcbd9ab0ee5d840aa49b4de9
- SSDEEP: 12288:3fW6EQ0byZvdEnOuX9opfM99K0S+pOxOTEh25D:3fCbyZvdEnFX9op2KQKdhA
Static task: static1

Malware Config
Extracted
- Family: redline
- Botnet: top1
- C2: chardhesha.xyz:81, jalocliche.xyz:81
- auth_value: fa2afa98a6579319e36e31ee0552bd57
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.