General
- Target: file.exe
- Size: 813KB
- Sample: 221129-sj21rsba96
- MD5: 7e24338014cbbcd2876198f9a88abf4e
- SHA1: 1060924310d7bb365e86f9aa5a8d65a27a8f2344
- SHA256: 03c5fe80c0077a6c33fdbac342b7895b61c66377b7419e473bdabee3bed1a92c
- SHA512: 6b90bdaea9ac5c45eddb57896f2ab77b1fda04724a55c61d15ebb3b80b10da3f56ad82cd1b83a7d5f02047b688cc8267f9ab3b0a9046ef5f8ef46773a25b91df
- SSDEEP: 24576:Y7dDdEPfNN6hzGwS4KNHNKGdANLr0VshYbqkfc4:MgP0k4KRYGWr8syqkfc
Static task
- static1
Behavioral task
- behavioral1 (Sample: file.exe, Resource: win7-20220901-en)
Behavioral task
- behavioral2 (Sample: file.exe, Resource: win10v2004-20220812-en)
Malware Config
- Extracted: redline
- APP
- 37.139.128.51:53092
Targets
- Target: file.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext