General
-
Target
19dbb47666f2eb1bb2889c42fc2fd3db.bin
-
Size
1.6MB
-
Sample
240426-bgn8fsgg28
-
MD5
d746626910a11e085cf79e198d44195a
-
SHA1
f90a04a0cd9e20ab31fa689c765e029a017ab828
-
SHA256
c30ecdd7ca6b0433dc8c945936399fd54d53000ec8d28cd118ebb052a765b2b9
-
SHA512
1bfc3d786d0cdd4fd99a2e65f6fc4c8853796507557e21d65598f844aac512a2f4b06d97d6c35c082dede36be5e198872ab9cd5f776b9f26103bbf40dcd4ab83
-
SSDEEP
49152:ADMX9ynZ9B55P/bZevuJIU5VlX9UR1uPvgLANcIQz2:m9PJzZ5SUFvPmANcrz2
Static task
static1
Behavioral task
behavioral1
Sample
09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
bild1
193.233.132.169:37732
Targets
-
-
Target
09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24.exe
-
Size
1.9MB
-
MD5
19dbb47666f2eb1bb2889c42fc2fd3db
-
SHA1
0eeeef0203c5e51e07f521ff4d8d29a422319316
-
SHA256
09570f445a9a80479957a36ea2e038800d5a01acf338793274f936c108f21f24
-
SHA512
8311734676547436fc48423f7481ce1499003934cba291720b841779dbca9041914d58d9958f5b94a15a5c32e7c45ebea439886f0d51b61584280ebd7b782856
-
SSDEEP
49152:YI4RI1ayrqA8h2uJeRoWHDyct4BhbXjz1xfc242:YbLUqDh2uiSS4BlXnbk2V
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-