General
-
Target
file
-
Size
364KB
-
Sample
240112-wecf4acgcl
-
MD5
a9afb4ac1010d7fda67100b4375de286
-
SHA1
89caf815421a4cb74e2515908a6622e3a2436981
-
SHA256
ca0969a10ef9353ff9053efd4033b4d01eceb0c490e9b808108bd7740064f068
-
SHA512
ce002550f29bb7fdeb56a0a97db6e127f115aeecb0c73db1960f9b01e82e99117193f91027a981f567a84d18ee20c79101ab6d76e2cff104308f0d15beab6168
-
SSDEEP
6144:03NrR5cpA8B7E1CJzSdZ94LMiG3wGyBk0RuPueiHV79eYr0CaV:0VR5cvB7+SzU9UMiLGyq0RF/1he7CaV
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20231129-en
Malware Config
Extracted
redline
Bloomberg
194.33.191.102:21751
Targets
-
-
Target
file
-
Size
364KB
-
MD5
a9afb4ac1010d7fda67100b4375de286
-
SHA1
89caf815421a4cb74e2515908a6622e3a2436981
-
SHA256
ca0969a10ef9353ff9053efd4033b4d01eceb0c490e9b808108bd7740064f068
-
SHA512
ce002550f29bb7fdeb56a0a97db6e127f115aeecb0c73db1960f9b01e82e99117193f91027a981f567a84d18ee20c79101ab6d76e2cff104308f0d15beab6168
-
SSDEEP
6144:03NrR5cpA8B7E1CJzSdZ94LMiG3wGyBk0RuPueiHV79eYr0CaV:0VR5cvB7+SzU9UMiLGyq0RF/1he7CaV
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-