General
Target: SHIPPINGIN PL BT PDF.exe
Size: 384KB
Sample: 241210-mq39hstlc1
MD5: af1b027971dc2ef0d2382c3250fd70b1
SHA1: eb8c51b0c7c4d39f33b156d810927614fcc02250
SHA256: d478d3c502b2bd866c958b8e075f03e5d754ef48db447c85b9ea795342ed3619
SHA512: 265e967f751736ccaefa5caba0ec8b1cd8a5e92e253f161c58d79a0b1fa1da77d9607c7249fa3c958cef3599bdc5009c8cdb72d27a5404c40eb4cfe2d4dab221
SSDEEP: 6144:Sek9LD+zqyEE7XDsrRSq/Hj+h6OTqdxQh68Aqt6u7sFVsTuDXE:KewrRmOAfNtP7sPsTuDXE
Static task
static1

Behavioral task
behavioral1
Sample: SHIPPINGIN PL BT PDF.exe
Resource: win7-20241010-en

Behavioral task
behavioral2
Sample: SHIPPINGIN PL BT PDF.exe
Resource: win10v2004-20241007-en

Malware Config
Extracted
redline
sheetred1
77.90.185.55:1912
Targets
Target: SHIPPINGIN PL BT PDF.exe
Size: 384KB
MD5: af1b027971dc2ef0d2382c3250fd70b1
SHA1: eb8c51b0c7c4d39f33b156d810927614fcc02250
SHA256: d478d3c502b2bd866c958b8e075f03e5d754ef48db447c85b9ea795342ed3619
SHA512: 265e967f751736ccaefa5caba0ec8b1cd8a5e92e253f161c58d79a0b1fa1da77d9607c7249fa3c958cef3599bdc5009c8cdb72d27a5404c40eb4cfe2d4dab221
SSDEEP: 6144:Sek9LD+zqyEE7XDsrRSq/Hj+h6OTqdxQh68Aqt6u7sFVsTuDXE:KewrRmOAfNtP7sPsTuDXE
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.