General
-
Target
Redline_Cleaned.exe
-
Size
21.8MB
-
Sample
230617-1ndsqscg5s
-
MD5
916679d6fde50b5153e6c44c30beeffd
-
SHA1
a6ef5a0ef603cea314f5cdba904798c378286885
-
SHA256
76d61da3a00ec5c207ec8361b06f4820902880fb6dbd3a203da1c462e98db594
-
SHA512
b39f3ce958bca9d2b2dbc96dbb2907d38c142f8f61913e4f524d854109987dcae584838b6736b9e1301df62c1873e4a4e864038aaa965fe4177662d869abe53b
-
SSDEEP
3072:ISurFVcSIcp28GMoqcxJ/Z6e1yWuyWxEjGbU18Z4JjAoEN/2RIMDfn5n6Dp0EBhH:mX0F86lue1jWWIZ5oEbMDfJG9
Malware Config
Extracted
redline
yt
65.109.161.165:6997
-
auth_value
c85b149d6d3359b3fe4dd1dfcc5864e8
Targets
-
-
Target
Redline_Cleaned.exe
-
Size
21.8MB
-
MD5
916679d6fde50b5153e6c44c30beeffd
-
SHA1
a6ef5a0ef603cea314f5cdba904798c378286885
-
SHA256
76d61da3a00ec5c207ec8361b06f4820902880fb6dbd3a203da1c462e98db594
-
SHA512
b39f3ce958bca9d2b2dbc96dbb2907d38c142f8f61913e4f524d854109987dcae584838b6736b9e1301df62c1873e4a4e864038aaa965fe4177662d869abe53b
-
SSDEEP
3072:ISurFVcSIcp28GMoqcxJ/Z6e1yWuyWxEjGbU18Z4JjAoEN/2RIMDfn5n6Dp0EBhH:mX0F86lue1jWWIZ5oEbMDfJG9
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-