General
-
Target
Adobe Photoshop.exe
-
Size
655.1MB
-
Sample
230215-q9acbsbg71
-
MD5
af15f72b79b048f1332bbeeea170be17
-
SHA1
3d4413a0dfdc728b34e2c782a8791620cf6740bd
-
SHA256
c3971ddf39e5cad5f5c9d13b04c3dc61fb8a18511b2612230ccc784be2230d67
-
SHA512
99198277898d79082f11fe48a22c8a5d632cb240057200ec4f3fd0d183ea98a7b0db4b166f57b8aac5d9af0ec6c0cbb64e1529ab2d78beea0591cac119eace1b
-
SSDEEP
6144:39ntebSIFlHWvBhjs/dn19s2lA1Tu4mfp9Gy:3/ebdF9WbARkM5Rfp8y
Malware Config
Extracted
redline
65.109.139.121:28859
-
auth_value
b79a864f2139a1610facb608c4aa7e8a
Targets
-
-
Target
Adobe Photoshop.exe
-
Size
655.1MB
-
MD5
af15f72b79b048f1332bbeeea170be17
-
SHA1
3d4413a0dfdc728b34e2c782a8791620cf6740bd
-
SHA256
c3971ddf39e5cad5f5c9d13b04c3dc61fb8a18511b2612230ccc784be2230d67
-
SHA512
99198277898d79082f11fe48a22c8a5d632cb240057200ec4f3fd0d183ea98a7b0db4b166f57b8aac5d9af0ec6c0cbb64e1529ab2d78beea0591cac119eace1b
-
SSDEEP
6144:39ntebSIFlHWvBhjs/dn19s2lA1Tu4mfp9Gy:3/ebdF9WbARkM5Rfp8y
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-