General
-
Target
redline_padding.exe
-
Size
441.4MB
-
Sample
230618-rkzflaff87
-
MD5
e722c2c76497ed2af3403a920d9fccab
-
SHA1
1f1bc1edf12728647d606866144200b9c84c4301
-
SHA256
1329df01ef709c74462947fe5c950ac7b5b374f65b0c2f7f558a3e8299a5d7e3
-
SHA512
e588c0ff6b68892f990d32f5c9deb4836f5e63b664c6710d7e629b4b9b2b091ad1d25887218c957b7c9d040e4e86a45ceab898c673b75d62f6063a1a8d46459c
-
SSDEEP
6144:jX0F86lue1jWWIZ5oEbMDfJnYp/3Nn28Y4naKNJGA+JjqfO+m6HVn5S:jzdZ5oc0dg/Nns4naqJGZJjqG+RV8
Malware Config
Extracted
redline
yt
65.109.161.165:6997
-
auth_value
c85b149d6d3359b3fe4dd1dfcc5864e8
Targets
-
-
Target
redline_padding.exe
-
Size
441.4MB
-
MD5
e722c2c76497ed2af3403a920d9fccab
-
SHA1
1f1bc1edf12728647d606866144200b9c84c4301
-
SHA256
1329df01ef709c74462947fe5c950ac7b5b374f65b0c2f7f558a3e8299a5d7e3
-
SHA512
e588c0ff6b68892f990d32f5c9deb4836f5e63b664c6710d7e629b4b9b2b091ad1d25887218c957b7c9d040e4e86a45ceab898c673b75d62f6063a1a8d46459c
-
SSDEEP
6144:jX0F86lue1jWWIZ5oEbMDfJnYp/3Nn28Y4naKNJGA+JjqfO+m6HVn5S:jzdZ5oc0dg/Nns4naqJGZJjqG+RV8
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-