General
-
Target
d8c5c0574941e9875096036ecdc812ec7ebd4cbaffc8e88b951c32943515b26a.exe
-
Size
960KB
-
Sample
240423-ce1ddabd27
-
MD5
caadf9990de4b64aca17c0bac5082bf1
-
SHA1
05f0f347842f258ec0cc3e6913e3bdde3c623b9e
-
SHA256
d8c5c0574941e9875096036ecdc812ec7ebd4cbaffc8e88b951c32943515b26a
-
SHA512
b9cc91bcd491124d2eba87176d6832eec8a597afa3d3f222c42edc1d28383aadde212caf851cfbf2a8bf6d6418d067520fd558505bd11178958899f04b80f185
-
SSDEEP
12288:WbMgoELViw3kd/qa2tqftIQdW6+KOt6WQ8K97OsSDZjavg1F2TZBem8e:WbM8VNkd/bnqQto6wKFSxYg16A
Static task
static1
Behavioral task
behavioral1
Sample
d8c5c0574941e9875096036ecdc812ec7ebd4cbaffc8e88b951c32943515b26a.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
rajab
45.89.53.206:4663
Targets
-
-
Target
d8c5c0574941e9875096036ecdc812ec7ebd4cbaffc8e88b951c32943515b26a.exe
-
Size
960KB
-
MD5
caadf9990de4b64aca17c0bac5082bf1
-
SHA1
05f0f347842f258ec0cc3e6913e3bdde3c623b9e
-
SHA256
d8c5c0574941e9875096036ecdc812ec7ebd4cbaffc8e88b951c32943515b26a
-
SHA512
b9cc91bcd491124d2eba87176d6832eec8a597afa3d3f222c42edc1d28383aadde212caf851cfbf2a8bf6d6418d067520fd558505bd11178958899f04b80f185
-
SSDEEP
12288:WbMgoELViw3kd/qa2tqftIQdW6+KOt6WQ8K97OsSDZjavg1F2TZBem8e:WbM8VNkd/bnqQto6wKFSxYg16A
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-