General
Target: installerV2.rar
Size: 109.2MB
Sample: 240202-l5fw4abda7
MD5: c0e7e4afe60cb81f513e6037a692b6d3
SHA1: fc8ac256ebc4065cfdfa2d073eb5b081fee2045c
SHA256: a230fc03c202928b2f7ce173273bd314ca5ebd1c59a16b6cfb36440b585fc756
SHA512: fce28b01da4d5773b238c581a737b61ea88197c3b5dc7456e2d17f9699e8e5a78a19cc64d6a57a4a417943dd9a433aa7010b582dfb4b24c492def4bb6b187268
SSDEEP: 1572864:e5k/y9dDXB6x9A6fiObagxD3ImGugnp/rWH2mtSt5tnfeAJIQDLw4nBsEJQQEimN:GbdDXB6jfdtiaPtS9nfVIQvwGWEJQunw
Static task: static1
Behavioral task: behavioral1
Sample: installerV2.rar
Resource: win10v2004-20231215-en
Malware Config
Extracted: redline (45.15.156.142:33597)
Targets
Target: installerV2.rar (hashes as listed under General)
- Detect Poverty Stealer Payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext