General
-
Target
file
-
Size
1.9MB
-
Sample
240424-rrt5fsbe7s
-
MD5
19dbb47666f2eb1bb2889c42fc2fd3db
-
SHA1
0eeeef0203c5e51e07f521ff4d8d29a422319316
-
SHA256
09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24
-
SHA512
8311734676547436fc48423f7481ce1499003934cba291720b841779dbca9041914d58d9958f5b94a15a5c32e7c45ebea439886f0d51b61584280ebd7b782856
-
SSDEEP
49152:YI4RI1ayrqA8h2uJeRoWHDyct4BhbXjz1xfc242:YbLUqDh2uiSS4BlXnbk2V
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
bild1
193.233.132.169:37732
Targets
-
-
Target
file
-
Size
1.9MB
-
MD5
19dbb47666f2eb1bb2889c42fc2fd3db
-
SHA1
0eeeef0203c5e51e07f521ff4d8d29a422319316
-
SHA256
09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24
-
SHA512
8311734676547436fc48423f7481ce1499003934cba291720b841779dbca9041914d58d9958f5b94a15a5c32e7c45ebea439886f0d51b61584280ebd7b782856
-
SSDEEP
49152:YI4RI1ayrqA8h2uJeRoWHDyct4BhbXjz1xfc242:YbLUqDh2uiSS4BlXnbk2V
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-