General
Target: comp
Size: 59KB
Sample: 230308-ljtk3aef6v
MD5: ca51df0fb6d4e43f6d0247359811c0bb
SHA1: 77654975f69fdae6865fbcf86c053e0f47e82ff6
SHA256: d357aa32f6e5c46ec75b865d6809fc932f741c9e2a24391bd183ba29ef2cf165
SHA512: 69f59146413291729ffa16522313d1d1f678ca4373343f9787bfd18107c42f7750f37defe7bdd7d87d2bb6f46193a7399326677d212527366b37a6de46fe3d5e
SSDEEP: 1536:PP19cMtBi1qJ5d24Uu5cDg1OT5oTd5G3bv:bzSqjd2fu5/kFop5G3bv
Static task: static1
Behavioral task: behavioral1
Sample: comp.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: Error
C2: 104.161.22.147:39801
auth_value: 52717c09b6af10a8a93102c172d6a856
Targets
Target: comp
Size: 59KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
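Added example, not part of this report and not the sandbox's own detection logic: a small Python matcher that takes the extracted RedLine C2 endpoint from the Malware Config section and three of the behavioural signatures listed above, and runs them over a constructed process/registry/network trace. The event shape, process IDs and file paths are invented for the example. The Uninstall key is the one the report describes; the Geo registry key used for the "location settings" check is an assumption about which configured country code is meant, since the report names no path.

```python
import ipaddress
import re

# IOCs taken from the report above.
C2_IP = ipaddress.ip_address("104.161.22.147")
C2_PORT = 39801
SAMPLE_SHA256 = "d357aa32f6e5c46ec75b865d6809fc932f741c9e2a24391bd183ba29ef2cf165"

# Assumption for the example: where the sandbox dropped and ran the sample.
SAMPLE_IMAGE = r"C:\Users\Admin\AppData\Local\Temp\comp.exe"

# Registry paths behind the behavioural signatures. The Uninstall key is what
# the report describes; the Geo key is an assumption about which "country code
# configured in the registry" is meant, since the report names no path.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)

# Constructed trace in a reduced sandbox/EDR shape (one dict per event);
# PIDs and paths are invented for the example.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 2640, "image": SAMPLE_IMAGE, "sha256": SAMPLE_SHA256},
    {"type": "regquery", "pid": 2640, "image": SAMPLE_IMAGE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "regquery", "pid": 2640, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "regquery", "pid": 2640, "image": SAMPLE_IMAGE,
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"type": "connect", "pid": 2640, "image": SAMPLE_IMAGE,
     "dst_ip": "104.161.22.147", "dst_port": 39801},
    # Same IP, different port and process: must NOT count as a C2 hit.
    {"type": "connect", "pid": 1508, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "104.161.22.147", "dst_port": 443},
    # Self-deletion via a child process, so attribution must follow the parent chain.
    {"type": "process", "pid": 2912, "image": r"C:\Windows\System32\cmd.exe", "parent_pid": 2640},
    {"type": "file_delete", "pid": 2912, "image": r"C:\Windows\System32\cmd.exe",
     "path": SAMPLE_IMAGE},
]


def sample_pids(events):
    """PIDs of processes whose image hash is the sample's, plus their descendants."""
    pids = {e["pid"] for e in events
            if e["type"] == "process" and e.get("sha256", "").lower() == SAMPLE_SHA256}
    grew = True
    while grew:  # iterate until the descendant set stops growing
        grew = False
        for e in events:
            if e["type"] == "process" and e.get("parent_pid") in pids and e["pid"] not in pids:
                pids.add(e["pid"])
                grew = True
    return pids


def c2_hits(events):
    """Connections to the extracted C2 endpoint. IP and port are both required:
    the address alone may be shared hosting and would over-match."""
    return [e for e in events if e["type"] == "connect"
            and ipaddress.ip_address(e["dst_ip"]) == C2_IP and e["dst_port"] == C2_PORT]


def run_signatures(events):
    """Map each report signature to the events that support it, restricted to the
    sample's process tree. Signatures with no supporting events are omitted."""
    pids = sample_pids(events)
    sample_images = {e["image"].lower() for e in events
                     if e["type"] == "process" and e["pid"] in pids and "sha256" in e}
    mine = [e for e in events if e["pid"] in pids]
    hits = {
        "RedLine C2 contact": [e for e in c2_hits(events) if e["pid"] in pids],
        "Checks computer location settings":
            [e for e in mine if e["type"] == "regquery" and GEO_KEY_RE.search(e["key"])],
        "Checks installed software on the system":
            [e for e in mine if e["type"] == "regquery" and UNINSTALL_KEY_RE.search(e["key"])],
        "Deletes itself":
            [e for e in mine if e["type"] == "file_delete" and e["path"].lower() in sample_images],
    }
    return {name: evs for name, evs in hits.items() if evs}


if __name__ == "__main__":
    for name, evs in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

Two caveats a practitioner would apply when reusing this: the C2 match deliberately requires both IP and port, because the address on its own can be shared infrastructure and the firefox.exe connection in the trace shows how an IP-only rule would over-match; and Uninstall-key enumeration on its own is noisy (installers and inventory agents do it constantly), so it is only meaningful here because it is scoped to the process tree of a hash-matched sample and seen alongside the C2 contact and the geofence lookup.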