General
Target: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
Size: 332KB
Sample: 240509-yj7h5see75
MD5: 179e52553d0fb86da8b84cdef81b8394
SHA1: 728405545c126f7e0ca2beee8b650e1f125192a9
SHA256: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
SHA512: 4fc9150ce2b1bf507da3e0352c0338d31e47230fb3950dcf18a4ab761f73b76ddc3eb40d4fca6a8e071babcf8d7ec7540ab6dcda1f4c655559d25c566421d96b
SSDEEP: 6144:RlZwB/LgLN340nTaDpOU7riHRkyghbiSLOboK16cN/LmEbQbq0h+0Xp:RnhLN340nTP+yg5iSCbv1T1bvD0Xp
Static task: static1

Behavioral task: behavioral1
Sample: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe
Resource: win10v2004-20240426-en

Behavioral task: behavioral2
Sample: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488.exe
Resource: win11-20240426-en
Malware Config
Extracted: redline
7001210066
https://pastebin.com/raw/KE5Mft0T
Targets
Target: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
Size: 332KB
MD5: 179e52553d0fb86da8b84cdef81b8394
SHA1: 728405545c126f7e0ca2beee8b650e1f125192a9
SHA256: 8db3c27c31541a43d1adeae01ca7caf3f0c8d6e3733168917ea04d58d7e4a488
SHA512: 4fc9150ce2b1bf507da3e0352c0338d31e47230fb3950dcf18a4ab761f73b76ddc3eb40d4fca6a8e071babcf8d7ec7540ab6dcda1f4c655559d25c566421d96b
SSDEEP: 6144:RlZwB/LgLN340nTaDpOU7riHRkyghbiSLOboK16cN/LmEbQbq0h+0Xp:RnhLN340nTP+yg5iSCbv1T1bvD0Xp
Score: 10/10

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext