General
-
Target
679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.zip
-
Size
1.6MB
-
Sample
240402-nh2ldsgg23
-
MD5
ff67464fa2c6f07591d0e39e759c6cc2
-
SHA1
3bd063d41c43eb3652d6e36e3190442c7c28dd9f
-
SHA256
09ac96c9de3156f41f4d251aedec1f8c8505a4b7ea965119959cf2d71f0b32e2
-
SHA512
a93d7514ee5deec4067df553bbf924d131f6904efd4a488a1bf19d7dd7c94b128cc1034ab419121fd24c113e10d6c65e63e23435feef796e6cb2970f91919d2c
-
SSDEEP
49152:EHr2rhTt2+yGj9FllUn7D6/s4X5Nkl2JQytO9MSzdx:E2hp2+bXl67C3Sl2JQyYqydx
Static task
static1
Behavioral task
behavioral1
Sample
679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
1
77.221.156.45:18734
Targets
-
Target
679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d.exe
-
Size
1.9MB
-
MD5
1a933b075452db624a756f76662a0614
-
SHA1
264bedf3867851461ea52b75650f414fcebb61ef
-
SHA256
679d5cdadcc48fa79574ce12e8d0fd2e19823dc4b7e39a84b5b286672f45a72d
-
SHA512
8f84c2c548d5774c5e942cef1dc5e0eb6e82a79d22a30b636bf0a98fad535cfab5e77a380c1c167ea33caca1ee397e64490eff0672cc915d1c8e797eb63e1071
-
SSDEEP
24576:GubsnafAPyjSzuubsnafAPyjZrilCQZCC3kmnrAa1rmqUeIiVfox2oTVZHeBFpUH:YI4wI1iln73XnrA0dqiFoHcpfi/Znqh0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-