General
-
Target
6af6a7fac1197a9b12b28c0e4db8c18a.bin
-
Size
1.1MB
-
Sample
230519-bxtg4sed77
-
MD5
aac675dfcf46d4696266552ed32171f2
-
SHA1
cf8b00d6a0817ec0a643aa334068c86f3a8f2a19
-
SHA256
5738e9e23d0c21542c695990f81fd536ba56130851b3aad49a1c48777fe828ba
-
SHA512
843a31c46efd9b48f83cf0d34c70211c4446c480f79f6f051858e3b72c5bbd46fc036d6e5c4f20ee3f34218e788aa40416a5ef9df1662603a88e14eaaafac278
-
SSDEEP
24576:ngsp8wo1N+PdOzTZFjMup3I7ju2aBUy12aqOn0WPbUr3:nhFo/+Pd2+7g/WJH3
Static task
static1
Behavioral task
behavioral1
Sample
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
2
135.181.7.171:81
-
auth_value
101013a5e99e0857595aae297a11351d
Targets
-
-
Target
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687.exe
-
Size
1.2MB
-
MD5
6af6a7fac1197a9b12b28c0e4db8c18a
-
SHA1
357ae7d706de393d8743dbbe0d94bc87922643cf
-
SHA256
d0a2035c0431796c138a26d1c9a75142b613c5417dc96a9200723870d0b3a687
-
SHA512
6a89fbff98be91a89008830f7aa3f88ef8fcd4c9967d1443abda4bad71097f6abc6a1371e0767e8853a3e52bd4e3f944f4ccbb7f8173d06d7c777bc71823f899
-
SSDEEP
24576:2TbBv5rUyXVTW6Hq69NuPQPyUfezTtJiC7nVUriVGAQ+hw17tq:IBJTzHqBQrW3tEwnGtdCOBq
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-