General
-
Target
0832ff937c6402ec6b252692df3f45abbe08291b1696f243c99f5aef93270d88
-
Size
760KB
-
Sample
230212-syd79aec7s
-
MD5
252b8be94ec57f65a21f7eca12f0c01a
-
SHA1
36b7fd1715d9168f87cc9a2724dc7d62ef0b1e13
-
SHA256
0832ff937c6402ec6b252692df3f45abbe08291b1696f243c99f5aef93270d88
-
SHA512
e5eeeb84bc18195ad44b5e99043372e1e9b6c365b048891bc992d440c5f81d6a5b5064cc2b389dbbe10ecb27cef5f94b44c66bcb807d04a3865a0a35abab485d
-
SSDEEP
12288:DMr5y909ICfwhIvQT4M+KAygkBBDFVtuv6r1tX+NeM68QrJ4nqPln:SyoICfw2vrM+XohZuiH+NeocJ4q9n
Static task
static1
Malware Config
Extracted
redline
romik
193.233.20.12:4132
-
auth_value
8fb78d2889ba0ca42678b59b884e88ff
Extracted
redline
dunm
193.233.20.12:4132
-
auth_value
352959e3707029296ec94306d74e2334
Extracted
redline
crypt1
176.113.115.17:4132
-
auth_value
2e2ca7bbceaa9f98252a6f9fc0e6fa86
Targets
-
-
Target
0832ff937c6402ec6b252692df3f45abbe08291b1696f243c99f5aef93270d88
-
Size
760KB
-
MD5
252b8be94ec57f65a21f7eca12f0c01a
-
SHA1
36b7fd1715d9168f87cc9a2724dc7d62ef0b1e13
-
SHA256
0832ff937c6402ec6b252692df3f45abbe08291b1696f243c99f5aef93270d88
-
SHA512
e5eeeb84bc18195ad44b5e99043372e1e9b6c365b048891bc992d440c5f81d6a5b5064cc2b389dbbe10ecb27cef5f94b44c66bcb807d04a3865a0a35abab485d
-
SSDEEP
12288:DMr5y909ICfwhIvQT4M+KAygkBBDFVtuv6r1tX+NeM68QrJ4nqPln:SyoICfw2vrM+XohZuiH+NeocJ4q9n
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-