General
- Target: 6415156ccb8d18f7b96d7e925cd095c346d9432e8654552a093dbbee14746715
- Size: 442KB
- Sample: 240705-199gjaxemk
- MD5: 2f4ca641d2f18ec969232e07d932c9f2
- SHA1: 6e43e55dd70a2297aa77e6eb077649802cd15461
- SHA256: 6415156ccb8d18f7b96d7e925cd095c346d9432e8654552a093dbbee14746715
- SHA512: 9e2696a76e6e5cc1b71728d50f259f7d40b18a080d3c1590b84cc69d2c7160fb03198efd7a43ab22333876886583944480531458c9ee7bb508ff134d1c793570
- SSDEEP: 6144:4AkIrSr29/ChgIT71JmblFx6pZkz8yILQB1X7h6grM:/r793WJmb56p0ILQB1X7w
Static task
- static1
Behavioral task
- behavioral1: Sample 6415156ccb8d18f7b96d7e925cd095c346d9432e8654552a093dbbee14746715.dll, Resource win7-20240508-en
Behavioral task
- behavioral2: Sample 6415156ccb8d18f7b96d7e925cd095c346d9432e8654552a093dbbee14746715.dll, Resource win10v2004-20240704-en
Malware Config
- Extracted: redline
- @MarsSellers12
- 94.228.166.68:80
Targets
- Target: 6415156ccb8d18f7b96d7e925cd095c346d9432e8654552a093dbbee14746715
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Power Settings: powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
- Suspicious use of SetThreadContext