General
Target: file.exe
Size: 1.0MB
Sample: 221206-r5vm5sgb52
MD5: 956ca08ee57be73ac0553ee9d746c2ab
SHA1: 1cadb0b1c309a084b6d750cbdbe17d61e7d5af6d
SHA256: 055d83bcccec065b499934243c2e13fce770eb99e33f3718c3dff21410492cd8
SHA512: e7c403179416b365862a30b171bd3c2fa171733185bc1bac4e0619c78252232c5701cc9288f4c3d3a97a929904f50b8dc4f4aa28db8b41cb722dc33c07d7a9e0
SSDEEP: 12288:MBTrkSnXEjuI++KnE9gTHGaFbudB9AfXmYorqVhbBi:KTrkSnXYuEaTHdIAfXmJrqVhb8
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config
Extracted: redline
private
C2: 151.80.89.227:45878
auth_value: 60894ac4c1d4d6c9ffb36078809b8c34
Extracted: redline
06.12
C2: 81.161.229.143:26910
auth_value: 0061b5af99ee5ea0578c1fe360993853
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext