General
Target: d39102871ef052ad31497b0998e298f88cde5965bc398079d64dbf67242fd217.exe
Size: 729KB
Sample: 241121-a7ldta1qhk
MD5: bd89ba099d573971b0ce2e80ac5b111c
SHA1: a025f87b1a62b39be4bc17f9c9709280373e7960
SHA256: d39102871ef052ad31497b0998e298f88cde5965bc398079d64dbf67242fd217
SHA512: b9f2e2f5d4d5ec2e1c73f35f7d40c3ef85fddbde82296aabdfb131dfe22ada7a46a93356cb82b6ba0eaf3358c8145655a0fee2031b96f2f57b31af426e219443
SSDEEP: 12288:s3HI6h903fznHkkaXNym6lXIxI65x8efj0NYFN5x1oBQkkj:+HI40vzH/adym6ROIFefgNcNf1oc
Static task: static1
Behavioral task: behavioral1
Sample: d39102871ef052ad31497b0998e298f88cde5965bc398079d64dbf67242fd217.exe
Resource: win7-20241010-en
Malware Config
Extracted
redline
Malwi
185.241.208.193:1912
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Command and Scripting Interpreter: PowerShell: runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext