General
Target: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937
Size: 436KB
Sample: 240705-1tfvaawhrq
MD5: 7a0ba22a1d19670c0aa83ad53a8736d3
SHA1: 726ca8c8e9fc9e422650f7d4a47ce8874b7316a3
SHA256: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937
SHA512: 439129c031e15e6630daf5646da8f68f39c43a1c42ad1050d9ee0991dde4550becbfd156d731cdb4b5c119f2dcbc1dd0db8241be83831d5ea68ef27f4f45b0d0
SSDEEP: 6144:Vom1MGkKQRBjfKhJxg7g8mb02mPObp3gc8KIL4B1X7h6grY13:eG7o9wxh8mb2PObrIL4B1X7Md
Static task: static1
Behavioral task: behavioral1
Sample: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937.dll
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937.dll
Resource: win10v2004-20240704-en
Malware Config
Extracted
redline
@deeqsio
94.228.166.68:80
Targets
Target: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937
Size: 436KB
MD5: 7a0ba22a1d19670c0aa83ad53a8736d3
SHA1: 726ca8c8e9fc9e422650f7d4a47ce8874b7316a3
SHA256: 590900f4d8afb408aed4ce7f3b9d8db621fe4cc2725cbd1c86c2fe01a2d31937
SHA512: 439129c031e15e6630daf5646da8f68f39c43a1c42ad1050d9ee0991dde4550becbfd156d731cdb4b5c119f2dcbc1dd0db8241be83831d5ea68ef27f4f45b0d0
SSDEEP: 6144:Vom1MGkKQRBjfKhJxg7g8mb02mPObp3gc8KIL4B1X7h6grY13:eG7o9wxh8mb2PObrIL4B1X7Md
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
RedLine payload
Downloads MZ/PE file
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets: possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Power Settings: powercfg controls the configurable power settings of a Windows system and can be abused to keep an infected host from sleeping, locking or shutting down.
Suspicious use of SetThreadContext
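The signatures above are the sandbox's verdicts, not the logic behind them. The following is an added example (not code from the report or from any sandbox product) showing how four of them can be evaluated over a behavioural trace: the powercfg abuse under "Power Settings", the "Suspicious use of SetThreadContext" chain (assumed here to mean the process-hollowing sequence CreateProcess with CREATE_SUSPENDED, WriteProcessMemory, SetThreadContext, ResumeThread against the same child), wallet-file access, and a connection to the C2 taken from the extracted config. The event list, its schema, and the wallet path list are constructed for illustration and are not a real sandbox format.

```python
"""Toy sandbox-signature matcher modelled on the report's signature names.

Added example, not part of the original report. The event schema below
(dicts with 'type', 'pid', 'api', 'args', ...) is an assumption made for
illustration; real sandboxes use their own trace formats.
"""
import re

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit passed to CreateProcess

# Constructed trace: an initial loader hollows RegAsm.exe, which then tweaks
# power settings, reads a wallet file and contacts the extracted C2.
EVENTS = [
    {"type": "process", "pid": 100, "cmd": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "api", "pid": 100, "api": "CreateProcessW",
     "args": {"image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
              "flags": CREATE_SUSPENDED, "child_pid": 200}},
    {"type": "api", "pid": 100, "api": "WriteProcessMemory", "args": {"target_pid": 200}},
    {"type": "api", "pid": 100, "api": "SetThreadContext", "args": {"target_pid": 200}},
    {"type": "api", "pid": 100, "api": "ResumeThread", "args": {"target_pid": 200}},
    {"type": "process", "pid": 300, "cmd": "powercfg.exe /x -standby-timeout-ac 0"},
    {"type": "process", "pid": 301, "cmd": "powercfg.exe /hibernate off"},
    {"type": "file", "pid": 200, "path": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "file", "pid": 200, "path": r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\profiles.ini"},
    {"type": "network", "pid": 200, "dst": "94.228.166.68", "port": 80},
]

# powercfg invocations that zero a sleep/hibernate/monitor timeout or disable hibernation.
POWERCFG_ABUSE = re.compile(
    r"\bpowercfg(?:\.exe)?\b.*(?:(?:standby|hibernate|monitor|disk)-timeout|/hibernate\s+off)", re.I)

# Wallet directories commonly read by stealers (assumed list for illustration).
WALLET_PATHS = re.compile(r"\\Exodus\\|\\Electrum\\wallets|\\Ethereum\\keystore|\\Armory\\|\\atomic\\", re.I)


def detect_power_settings(events):
    """Return command lines that match the powercfg abuse pattern."""
    return [e["cmd"] for e in events if e["type"] == "process" and POWERCFG_ABUSE.search(e["cmd"])]


def detect_set_thread_context(events):
    """Return child PIDs for which the ordered hollowing chain completed.

    Stage 1: CreateProcess with CREATE_SUSPENDED; 2: WriteProcessMemory into
    that child; 3: SetThreadContext on it; 4: ResumeThread. Out-of-order
    calls do not advance the stage, so a benign SetThreadContext alone never fires.
    """
    stage = {}   # child_pid -> stage reached
    hits = []
    for e in events:
        if e["type"] != "api":
            continue
        a = e["args"]
        if e["api"] == "CreateProcessW" and a.get("flags", 0) & CREATE_SUSPENDED:
            stage[a["child_pid"]] = 1
        elif a.get("target_pid") in stage:
            pid = a["target_pid"]
            if e["api"] == "WriteProcessMemory" and stage[pid] == 1:
                stage[pid] = 2
            elif e["api"] == "SetThreadContext" and stage[pid] == 2:
                stage[pid] = 3
            elif e["api"] == "ResumeThread" and stage[pid] == 3:
                stage[pid] = 4
                hits.append(pid)
    return hits


def detect_wallet_access(events):
    """Return file paths under known wallet directories."""
    return [e["path"] for e in events if e["type"] == "file" and WALLET_PATHS.search(e["path"])]


def detect_c2(events, c2_hosts):
    """Return host:port pairs that match the extracted C2 list."""
    return [f'{e["dst"]}:{e["port"]}' for e in events
            if e["type"] == "network" and f'{e["dst"]}:{e["port"]}' in c2_hosts]


def run_signatures(events, c2_hosts=("94.228.166.68:80",)):
    """Evaluate every signature and return {signature name: evidence list}."""
    return {
        "Power Settings": detect_power_settings(events),
        "Suspicious use of SetThreadContext": detect_set_thread_context(events),
        "Accesses cryptocurrency files/wallets": detect_wallet_access(events),
        "Contacts extracted C2": detect_c2(events, set(c2_hosts)),
    }


if __name__ == "__main__":
    for name, evidence in run_signatures(EVENTS).items():
        print(f"{name}: {evidence}")
```

The hollowing detector deliberately requires the four calls in order against the same suspended child; a debugger or a .NET runtime calling SetThreadContext on its own threads never reaches stage 3, which is what keeps the signature from firing on ordinary software.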