General
- Target: 0b9ee92def8b51187620c6c4a261bb25.exe
- Size: 784KB
- Sample: 240422-29pb2ahe88
- MD5: 0b9ee92def8b51187620c6c4a261bb25
- SHA1: 716a87b7bcee2f406cf15a77d950148271daae43
- SHA256: bcbdd1065dc9b66a07d5a55ae135c6094d3adf281096f55fbab12b48f84edc79
- SHA512: 68c42e3a1ef0dbebed0c7783d953373dada3e292fd4728cf0870327015efa64e814bb05109eddc35f749e266130bc51421f570ad94437dfa842625c4908ba50b
- SSDEEP: 24576:8bOPsfamTSqVjX7+CEw3zq0Dd+82AyPurkgiImYBn5:mIsfr+qJ6CEyzq0Db73BZl5
- Static task: static1
- Behavioral task: behavioral1
- Sample: 0b9ee92def8b51187620c6c4a261bb25.exe
- Resource: win7-20240221-en
Malware Config
Extracted
redline
new
91.92.250.88:16964
Targets
- Target: 0b9ee92def8b51187620c6c4a261bb25.exe
- Size: 784KB
- MD5: 0b9ee92def8b51187620c6c4a261bb25
- SHA1: 716a87b7bcee2f406cf15a77d950148271daae43
- SHA256: bcbdd1065dc9b66a07d5a55ae135c6094d3adf281096f55fbab12b48f84edc79
- SHA512: 68c42e3a1ef0dbebed0c7783d953373dada3e292fd4728cf0870327015efa64e814bb05109eddc35f749e266130bc51421f570ad94437dfa842625c4908ba50b
- SSDEEP: 24576:8bOPsfamTSqVjX7+CEw3zq0Dd+82AyPurkgiImYBn5:mIsfr+qJ6CEyzq0Db73BZl5
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.