General
Target: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
Size: 307KB
Sample: 221121-xpqxxadb79
MD5: 93e2ec4f655c6d4a363146826ea966a5
SHA1: 502d6aeaccc795617b8e8c95473324513344c3bd
SHA256: def0a557e76910ab9d94e8e7e6915e552278258f1553cf98dbd75eca1370c32b
SHA512: 0a0e463698e679605caaf41685da8abc24a35c9a022c040b7297ef256e84b0d5238c58214ba840c2c08cc655e475e79b2ae10d5209fdcc5fc5571b4c3c6fcd5f
SSDEEP: 6144:OJCUjIPOyLD5XW/KyYyT5OuX9opfdf5s99KSbNS+pPjSx9qmXAEWea75o10oXpXj:0CUjqOIdElOuX9opf899KUS+pOxYTE7f
Static task: static1
Behavioral task: behavioral1
Sample: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: redline
Botnet: top1
C2: chardhesha.xyz:81, jalocliche.xyz:81
auth_value: fa2afa98a6579319e36e31ee0552bd57
Targets
Target: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
Size: 385KB
MD5: 55b1fd7484074158f9e9e8f657ec5a94
SHA1: 6988125039cbf77b4ff06fa75fa56975004d3333
SHA256: 92d305d4c7faa7d3d004a7c535d289235b187c4f72a97e76736f6fcd3fdbac22
SHA512: a7b292cc74578308b4c3d129809119a96c6522185e05ddaefb294ae6636894a145383140d23b1d3217f300ee63646d6f185fdb02dcbd9ab0ee5d840aa49b4de9
SSDEEP: 12288:3fW6EQ0byZvdEnOuX9opfM99K0S+pOxOTEh25D:3fCbyZvdEnFX9op2KQKdhA
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.