General

Target:  tmp
Size:    6KB
Sample:  221215-v5qwqsfh4y
MD5:     285cbd341de6e17b42f1663245a58346
SHA1:    5281aa0f428bca4b5eeafda1b7eefc5735490d09
SHA256:  55466ebc5b9c9e17e47e2af745c118001c1163eaa9aa945760f90b2af3f8362c
SHA512:  4a66b1409d84376228b4276dd13f0bd42aee0e935755faf01bde72c2b8a2d69da9addd55cf41a3c4a47ca06795f70ee6452976edc10de1b1ccea8705b3cd047d
SSDEEP:  96:7sfW3+7yyZLiS9co2FhRPr4SNkyfkkWFnU:7/22Fhx4SGQz
Static task:      static1
Behavioral task:  behavioral1 (sample tmp.exe, resource win7-20221111-en)
Malware Config

Extracted
Family:  redline
Botnet:  SPOOFER
C2:      20.197.226.40:32619

The C2 is a bare IP on a non-standard TCP port; such addresses are reassigned quickly, so treat it as a dated indicator and pair it with the hashes and behaviours below rather than blocking on the IP alone.
Targets

Target: tmp (6KB). MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the values listed under General.
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Executes dropped EXE

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence (the sample can decline to run in certain countries).

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops an attached debugger from receiving events for that thread; it is a common anti-debugging technique.

Suspicious use of SetThreadContext
Rewriting another thread's context (for example, redirecting the entry point of a suspended process) is a common step in process injection, which fits with the dropped EXE and DLL noted above.
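The hashes and C2 from the Malware Config section and the behaviour signatures above can be turned into one host-telemetry check. The following is an added example, not part of the sandbox report or of any vendor's tooling: it tags Sysmon/EDR-style events with the report's indicators and behaviours, groups them per process image, and returns a verdict. The event records are constructed by hand, the field names (type, image, hashes, key, path, dst_ip, dst_port) are an assumed generic schema, and the registry and wallet paths are the standard Windows locations a sensor would see for the behaviours the report names, not values taken from the sample.

```python
# Added example (not from the sandbox report): match its IOCs and behaviour
# signatures against constructed host telemetry.
from collections import defaultdict

# Indicators copied from the report (General / Malware Config).
IOC_HASHES = {
    "md5": "285cbd341de6e17b42f1663245a58346",
    "sha256": "55466ebc5b9c9e17e47e2af745c118001c1163eaa9aa945760f90b2af3f8362c",
}
C2_ENDPOINT = ("20.197.226.40", 32619)

# Assumed locations corresponding to the report's behaviour signatures
# (matched case-insensitively as substrings of the observed key or path).
UNINSTALL_KEYS = ("\\microsoft\\windows\\currentversion\\uninstall",)
GEO_KEYS = ("\\control panel\\international\\geo",)
WALLET_MARKERS = ("wallet.dat", "\\exodus\\", "\\electrum\\", "\\ethereum\\keystore")


def parse_sysmon_hashes(field):
    """Parse a Sysmon-style 'MD5=..,SHA256=..' string into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def tag_event(ev):
    """Return the set of report behaviours a single event matches."""
    tags = set()
    kind = ev.get("type")
    if kind == "process":
        seen = parse_sysmon_hashes(ev.get("hashes", ""))
        if any(seen.get(algo) == digest for algo, digest in IOC_HASHES.items()):
            tags.add("known_hash")
    elif kind == "network":
        if (ev.get("dst_ip"), ev.get("dst_port")) == C2_ENDPOINT:
            tags.add("c2_connect")
    elif kind == "registry":
        key = ev.get("key", "").lower()
        if any(marker in key for marker in UNINSTALL_KEYS):
            tags.add("software_enum")          # "Checks installed software"
        if any(marker in key for marker in GEO_KEYS):
            tags.add("geofence_lookup")        # "Checks computer location settings"
    elif kind == "file":
        path = ev.get("path", "").lower()
        if any(marker in path for marker in WALLET_MARKERS):
            tags.add("wallet_access")          # "Accesses cryptocurrency files/wallets"
    return tags


def scan(events):
    """Group tags per process image so behaviours can be correlated per process."""
    per_image = defaultdict(set)
    for ev in events:
        per_image[ev["image"]] |= tag_event(ev)
    return dict(per_image)


def verdict(tags):
    """A known hash is conclusive; otherwise require C2 plus one host behaviour."""
    if "known_hash" in tags:
        return "match"
    host_behaviours = tags & {"software_enum", "geofence_lookup", "wallet_access"}
    if "c2_connect" in tags and host_behaviours:
        return "suspicious"
    return "clean"


# Constructed telemetry (not sandbox output); only tmp.exe's hashes are real IOCs.
TMP = "C:\\Users\\a\\AppData\\Local\\Temp\\tmp.exe"
DROPPER = "C:\\Users\\a\\Downloads\\setup.exe"
NOTEPAD = "C:\\Windows\\System32\\notepad.exe"
SAMPLE_EVENTS = [
    {"type": "process", "image": TMP,
     "hashes": "MD5=285CBD341DE6E17B42F1663245A58346,"
               "SHA256=55466EBC5B9C9E17E47E2AF745C118001C1163EAA9AA945760F90B2AF3F8362C"},
    {"type": "registry", "image": TMP, "key": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"type": "registry", "image": TMP,
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"},
    {"type": "file", "image": TMP, "path": "C:\\Users\\a\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"type": "network", "image": TMP, "dst_ip": "20.197.226.40", "dst_port": 32619},
    {"type": "process", "image": DROPPER, "hashes": "MD5=" + "0" * 32},   # unknown file
    {"type": "registry", "image": DROPPER,
     "key": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"},
    {"type": "network", "image": DROPPER, "dst_ip": "20.197.226.40", "dst_port": 32619},
    {"type": "process", "image": NOTEPAD, "hashes": "MD5=" + "1" * 32},
    {"type": "network", "image": NOTEPAD, "dst_ip": "8.8.8.8", "dst_port": 53},
]

if __name__ == "__main__":
    for image, tags in scan(SAMPLE_EVENTS).items():
        print(f"{verdict(tags):10} {image}  {sorted(tags)}")
```

The per-image correlation is the point: a single Uninstall-key read is normal for installers and inventory agents, and a connection to a bare IP is weak on its own, but the same process doing both, or carrying the report's hash, is what the sandbox signatures describe.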