General
-
Target
27121df06efbeded912d9bded3279f67.bin
-
Size
487KB
-
Sample
231019-bg639sec92
-
MD5
f10bff89fcbf9e1e18540bcaefd429e1
-
SHA1
457db3e388d6fb0d6008d8b85342a2b0f4de4d13
-
SHA256
068b0c7483230e8f8a600a72644bbb915bd70ad7b129e3998c69fd3c97ae1111
-
SHA512
32be1fe3c0d8246a1cb84886e3bda43a7dba07214b831e0e698744b8ee4e81db93805b1a664677bb0fcc4ac02170aa845a407674ebfc0a539f2c4cda7a17b526
-
SSDEEP
12288:wTWo+9fSspPegLdIXY3UNs31NYaae+k7wbsh+9zFWGksy9fCy:W+9lPLAY3UulN5aCZUkGks8P
Static task
static1
Behavioral task
behavioral1
Sample
b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda.exe
Resource
win7-20230831-en
Malware Config
Extracted
redline
installs
91.103.253.6:22884
Extracted
redline
123
51.254.67.186:16176
Targets
-
-
Target
b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda.exe
-
Size
607KB
-
MD5
27121df06efbeded912d9bded3279f67
-
SHA1
bcf41ecaccd1a8540dfabe9d9442972dbfa5970b
-
SHA256
b6916e92bc3a01c59eb34f0ec8e53b20948cd4dc26e84d06ae35f3ee2fa7cdda
-
SHA512
b63f2f8a9bd83e379eaccdc3780977d98b876e540b5465852811d49429d7d46e04cd5eca3d56e94f752f945196709e82c1cba8f106a87c4f4d35a311e7788731
-
SSDEEP
12288:JcrNS33L10QdrXZT+tcWnvlOAYnPQY5WEtuWcy1MERYs:0NA3R5drX/WvwpnPQY0x9uME6s
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-