General
- Target: vitutal machine.txt
- Size: 61B
- Sample: 240407-trytragh35
- MD5: 1d7db31646386591f2e03562253f0e35
- SHA1: 7fa424de79d773fa915c882e2fc57b276a336526
- SHA256: 7902ef263776402b3f205cf5ebb983c619dbd529ab2d8d1af912ef3d6c40c957
- SHA512: b6c6bd4d1d538e3961ce7557e5308380ccadd263232655d6fdd5388cb1ad71682733494d48493be613b5a0579f2cce9b06a9e53069157007661893ec62240a19
Static task: static1
Behavioral task: behavioral1
- Sample: vitutal machine.txt
- Resource: win11-20240221-en
Malware Config
- Extracted: redline
  45.15.156.142:33597
- Extracted: redline
  @skayoker38
  45.15.156.167:80
Targets
- Target: vitutal machine.txt
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext