General
-
Target
file.exe
-
Size
1.2MB
-
Sample
230517-svq3msee6y
-
MD5
6af6a7fac1197a9b12b28c0e4db8c18a
-
SHA1
357ae7d706de393d8743dbbe0d94bc87922643cf
-
SHA256
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687
-
SHA512
6a89fbff98be91a89008830f7aa3f88ef8fcd4c9967d1443abda4bad71097f6abc6a1371e0767e8853a3e52bd4e3f944f4ccbb7f8173d06d7c777bc71823f899
-
SSDEEP
24576:2TbBv5rUyXVTW6Hq69NuPQPyUfezTtJiC7nVUriVGAQ+hw17tq:IBJTzHqBQrW3tEwnGtdCOBq
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
2
135.181.7.171:81
-
auth_value
101013a5e99e0857595aae297a11351d
Targets
-
-
Target
file.exe
-
Size
1.2MB
-
MD5
6af6a7fac1197a9b12b28c0e4db8c18a
-
SHA1
357ae7d706de393d8743dbbe0d94bc87922643cf
-
SHA256
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687
-
SHA512
6a89fbff98be91a89008830f7aa3f88ef8fcd4c9967d1443abda4bad71097f6abc6a1371e0767e8853a3e52bd4e3f944f4ccbb7f8173d06d7c777bc71823f899
-
SSDEEP
24576:2TbBv5rUyXVTW6Hq69NuPQPyUfezTtJiC7nVUriVGAQ+hw17tq:IBJTzHqBQrW3tEwnGtdCOBq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-