General
Target: tmp
Size: 990KB
Sample: 240424-nfvp3ahc26
MD5: 9056dca80b3431615d63b13b72ca143c
SHA1: cf9122b3b7f57f0f4cd6ff8303417f1f6279a80c
SHA256: cedfb47b22871e12b67b3d7d01e4eb1bcad63bf61dfab89db5acde64cc12832b
SHA512: 13a26a8d261ff4c6d83158ea0d7d99aac670159fca9f2a6b1e180ed9be1bdd5abdceab2fc232774f828c61d3aa267f29cebc22fe3d276fd0ae8d7e4681f38fb2
SSDEEP: 12288:dRMAkWbP+k/ldbNxhZcKMMbm8gtnwaJioTTQ3AwHuwZ+U4cxV0q4Z5g1:HMAkCP+k/l7xhZcKMwmSajn/U4cO2
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20240221-en
Malware Config
Extracted: redline
900751123
https://pastebin.com/raw/KE5Mft0T
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext