General
Target: 1c6fb4feec693fbd0aa670fbc846dadb59d5e7dfd7e0b4136e32505f42186820
Size: 1.1MB
Sample: 230528-rebgksfc53
MD5: 3f97cb041ef2d2759cbcb770d4e34e54
SHA1: 3a14e69121b11ee79ca22540be324a2dfa3c881d
SHA256: 1c6fb4feec693fbd0aa670fbc846dadb59d5e7dfd7e0b4136e32505f42186820
SHA512: 61c95989c2d271c7e13cdbb43f7b01ab8df0dc7d6615e4162ee0ea2d3f44393465e864d3d9e428cbe322bd38ae2b4cfd18f1e3fc04f69676f4200dcf7c146085
SSDEEP: 24576:jyNws4MmToedkvFH2amauoehOCxwYczhuws:21vmEedmUjaNywdNuw
Static task
static1
Malware Config
Three RedLine configurations were extracted from the sample. Two builds (botnet IDs "liza" and "metro") point at the same C2 endpoint and differ only in auth_value, the per-build token embedded in the configuration, so a network hit on 83.97.73.127:19045 alone does not tell you which build made the connection.

Extracted: redline
Botnet: liza
C2: 83.97.73.127:19045
auth_value: 198e3e9b188d6cfab0a2b0fb100bb7c5

Extracted: redline
Botnet: metro
C2: 83.97.73.127:19045
auth_value: f7fd4aa816bdbaad933b45b51d9b6b1a

Extracted: redline
Botnet: Redline
C2: 85.31.54.183:18435
auth_value: 50837656cba6e4dd56bfbb4a61dadb63
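The extracted configurations are only useful once they become something a SOC can act on. The following is an added example, not code from the report or from the sandbox vendor: it parses the three configs exactly as listed above, collapses them to distinct C2 endpoints, emits one Suricata rule per endpoint, and sweeps a handful of firewall log lines for contacts with those endpoints. The log line format, the SAMPLE_LOGS entries and the base SID are assumptions made for the example.

```python
"""Added example, not part of the sandbox report: turn the three RedLine
configurations listed above into network IOCs, emit Suricata rules for them,
and sweep constructed firewall log lines for contacts with the C2 endpoints.
The log format, the SAMPLE_LOGS lines and the base SID are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

# Family, botnet ID, C2 and auth_value exactly as the report lists them.
REPORT_CONFIGS = """
redline liza    83.97.73.127:19045 198e3e9b188d6cfab0a2b0fb100bb7c5
redline metro   83.97.73.127:19045 f7fd4aa816bdbaad933b45b51d9b6b1a
redline Redline 85.31.54.183:18435 50837656cba6e4dd56bfbb4a61dadb63
"""


@dataclass(frozen=True)
class RedlineConfig:
    family: str
    botnet: str
    host: str
    port: int
    auth_value: str


def parse_configs(text: str) -> list[RedlineConfig]:
    """Parse one config per line; reject malformed hosts or auth_values."""
    configs = []
    for line in text.strip().splitlines():
        family, botnet, c2, auth = line.split()
        host, port = c2.rsplit(":", 1)
        ipaddress.ip_address(host)  # raises ValueError on a bad address
        if not re.fullmatch(r"[0-9a-f]{32}", auth):
            raise ValueError(f"auth_value is not 32 hex chars: {auth}")
        configs.append(RedlineConfig(family, botnet, host, int(port), auth))
    return configs


def c2_endpoints(configs) -> set[tuple[str, int]]:
    """Distinct (host, port) pairs; two of the three builds share one C2."""
    return {(c.host, c.port) for c in configs}


def suricata_rules(configs, base_sid=9000000) -> list[str]:
    """One alert rule per distinct C2. base_sid is a placeholder; pick a SID
    range that does not collide with the rule sets you already deploy."""
    rules = []
    for i, (host, port) in enumerate(sorted(c2_endpoints(configs))):
        rules.append(
            f"alert tcp $HOME_NET any -> {host} {port} "
            f'(msg:"RedLine C2 contact {host}:{port}"; sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed firewall log lines (not from the report); only the dst= field
# matters to the sweep.
SAMPLE_LOGS = [
    "2023-05-28T10:01:02Z src=10.0.0.5:51234 dst=83.97.73.127:19045 proto=tcp action=allow",
    "2023-05-28T10:01:03Z src=10.0.0.5:51235 dst=142.250.74.78:443 proto=tcp action=allow",
    "2023-05-28T10:02:11Z src=10.0.0.9:49877 dst=85.31.54.183:18435 proto=tcp action=deny",
    "2023-05-28T10:02:12Z src=10.0.0.9:49878 dst=85.31.54.183:443 proto=tcp action=allow",
]
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def sweep(logs, configs, ip_only=False):
    """Return (timestamp, dst_ip, dst_port, botnet_ids) for each log line that
    reached a C2. With ip_only=True the port is ignored, which also catches
    the same host on a port the extracted config did not list."""
    index: dict = {}
    for c in configs:
        key = c.host if ip_only else (c.host, c.port)
        index.setdefault(key, []).append(c.botnet)
    hits = []
    for line in logs:
        m = DST_RE.search(line)
        if not m:
            continue
        ip, port = m["ip"], int(m["port"])
        key = ip if ip_only else (ip, port)
        if key in index:
            hits.append((line.split()[0], ip, port, tuple(index[key])))
    return hits


if __name__ == "__main__":
    cfgs = parse_configs(REPORT_CONFIGS)
    print("\n".join(suricata_rules(cfgs)))
    for hit in sweep(SAMPLE_LOGS, cfgs, ip_only=True):
        print(hit)
```

The first hit in the sweep is reported against both "liza" and "metro", which is the point made above: the endpoint is shared, and only the auth_value in the sample itself separates the two builds. The ip_only switch is there because operators rotate ports more readily than hosts; a denied connection (action=deny) to a C2 is still worth a ticket, since it shows the stealer ran.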
Targets
Target: 1c6fb4feec693fbd0aa670fbc846dadb59d5e7dfd7e0b4136e32505f42186820
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Downloads MZ/PE file
The sample retrieved a Windows executable (MZ header) from the network during the run.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence that makes the sample exit on certain locales.

Executes dropped EXE
A file written to disk during the run was subsequently executed.

Accesses cryptocurrency files/wallets, possible credential harvesting
Reads wallet and application files of the kind RedLine's stealer module targets.

Adds Run key to start application
Writes a value under a CurrentVersion\Run key so the payload is started again at logon.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext on another process's thread is the step that redirects execution in process hollowing (create the target suspended, write the payload, set the thread context, resume). On its own it shows that an injection technique was used, not which payload ended up running.
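Of the behaviours listed, the Run key write is the one that leaves a clean host-telemetry record (Sysmon Event ID 13, RegistryEvent value set), so it is the natural thing to hunt for across a fleet after a report like this. The following is an added example, not code from the report or the sandbox vendor: it triages constructed Sysmon-style events, keeps only value sets directly under Run or RunOnce, drops an assumed allowlist of trusted installers, and raises severity when either the value's target or the writing process lives in a user-writable directory, which is the commodity-stealer pattern rather than a normal install. The event contents, paths and the allowlist are assumptions; the field names Image, TargetObject and Details are Sysmon's own.

```python
"""Added example, not part of the sandbox report: triage "Adds Run key to
start application" from constructed Sysmon Event ID 13 (RegistryEvent, value
set) records. Event contents, paths and the trusted-writer allowlist are
assumptions; the field names Image, TargetObject and Details are Sysmon's."""
import re

# Value set directly under a Run or RunOnce key (HKLM or any HKU hive).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)

# Locations an unprivileged user can write to. A Run value that points here,
# or that is written by a process running from here, is the commodity-stealer
# persistence pattern rather than a normal software install.
USER_WRITABLE_RE = re.compile(
    r'^"?[A-Z]:\\Users\\[^\\]+\\(AppData\\(Local|Roaming)|Downloads|Desktop)\\'
    r'|^"?[A-Z]:\\(Windows\\Temp|ProgramData)\\'
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP)%",
    re.IGNORECASE,
)

# Assumed site allowlist of installers that legitimately write Run values.
TRUSTED_WRITERS = {r"C:\Windows\System32\msiexec.exe"}

# Constructed events (not from the report). Only EventID 13 on a Run key is
# relevant; the others are there to show what the triage ignores.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\alice\AppData\Roaming\updater.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe"'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'},
    {"EventID": 12, "EventType": "CreateKey",
     "Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def triage_run_keys(events):
    """Return one finding per Run/RunOnce value set, with a severity and the
    reasons behind it; trusted installers and non-Run events are skipped."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        writer, payload = ev.get("Image", ""), ev.get("Details", "")
        if writer in TRUSTED_WRITERS:
            continue
        reasons = []
        if USER_WRITABLE_RE.search(payload):
            reasons.append("Run value points into a user-writable directory")
        if USER_WRITABLE_RE.search(writer):
            reasons.append("written by a process running from a user-writable directory")
        findings.append({
            "severity": "high" if reasons else "low",
            "value": target.rsplit("\\", 1)[1],
            "writer": writer,
            "payload": payload,
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_EVENTS):
        print(f["severity"].upper(), f["value"], "<-", f["writer"], "|",
              "; ".join(f["reasons"]) or "no user-writable path involved")
```

The low-severity finding is kept rather than dropped so that a Run value written by a legitimate process into a protected path still shows up in a hunt; tuning belongs in TRUSTED_WRITERS, not in silently discarding results. The Uninstall key enumeration and the locale lookup listed above are registry reads, which Sysmon does not record, so they are not detectable this way.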