General
-
Target
a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505.exe
-
Size
297KB
-
Sample
240628-b2pdystgnd
-
MD5
cd581d68ed550455444ee6e099c44266
-
SHA1
f131d587578336651fd3e325b82b6c185a4b6429
-
SHA256
a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505
-
SHA512
33f94920032436cd45906c27cd5b39f47f9519ab5a1a6745bd8a69d81ce729d8e5e425a7538b5f4f6992bd3804e0376085f5da1c28cf9f4d664cabe64036d0b5
-
SSDEEP
3072:xqFFrqwIOGBHy9MGSwTc425F7dw4AhTiNhdSCTZifjIxcZqf7D34leqiOLCbBOu:QBIOGf4259dnTZcscZqf7DIvL
Behavioral task
behavioral1
Sample
a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505.exe
Resource
win7-20240611-en
Malware Config
Extracted
redline
123
185.215.113.67:40960
Targets
-
-
Target
a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505.exe
-
Size
297KB
-
MD5
cd581d68ed550455444ee6e099c44266
-
SHA1
f131d587578336651fd3e325b82b6c185a4b6429
-
SHA256
a2ebb4bbf2ae4f7755b3ab604996e6c7e570ac8837ca544854ed696a81972505
-
SHA512
33f94920032436cd45906c27cd5b39f47f9519ab5a1a6745bd8a69d81ce729d8e5e425a7538b5f4f6992bd3804e0376085f5da1c28cf9f4d664cabe64036d0b5
-
SSDEEP
3072:xqFFrqwIOGBHy9MGSwTc425F7dw4AhTiNhdSCTZifjIxcZqf7D34leqiOLCbBOu:QBIOGf4259dnTZcscZqf7DIvL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-