General
-
Target
2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2.exe
-
Size
1.7MB
-
Sample
240628-bmpq6svhmn
-
MD5
a80a86c701801cbd77cf7406be6d11f0
-
SHA1
ef98a953fae4506e0402de15c1f1d9f0bfb47b01
-
SHA256
2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2
-
SHA512
7e1216bda5c36efcc4146c410cb5717e0e9e8257c25cef2239d631fa6fb15ec953b5155b6c4b4f4f3ff661425d1b6e5b716c21711fc7ddd423e6fc009e363d97
-
SSDEEP
49152:5X0aKtI+mD9Mndc9wZ54vQyo7V6OQgDsn8pSk5e:5XEI1DSdJqIQOQepl
Static task
static1
Behavioral task
behavioral1
Sample
2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2.exe
Resource
win7-20240611-en
Malware Config
Extracted
Family
redline
Botnet
@OLEH_PSP
C2
185.172.128.33:8970
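As an added example (not part of the sandbox report or of any tooling the report describes), the following Python turns the indicators above into a small sweep: it checks a candidate file against all four digests listed under General, and it scans Zeek-style conn.log rows for traffic to the extracted C2. The conn.log rows and the "not the sample" bytes are constructed for illustration, and the column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) is assumed to be Zeek's default.

```python
"""Added example: IOC sweep built from the hashes and C2 listed in the report."""
import hashlib

# Digests copied from the report's General section.
IOC_HASHES = {
    "md5": "a80a86c701801cbd77cf7406be6d11f0",
    "sha1": "ef98a953fae4506e0402de15c1f1d9f0bfb47b01",
    "sha256": "2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2",
    "sha512": "7e1216bda5c36efcc4146c410cb5717e0e9e8257c25cef2239d631fa6fb15ec"
              "953b5155b6c4b4f4f3ff661425d1b6e5b716c21711fc7ddd423e6fc009e363d97",
}
# C2 from the extracted RedLine config (ip, port).
C2 = ("185.172.128.33", 8970)

# Constructed Zeek-style conn.log rows (not real traffic). Columns assumed to be
# Zeek's default order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto
CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1719540000.1\tCx1\t10.0.0.5\t49152\t185.172.128.33\t8970\ttcp
1719540001.2\tCx2\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp
1719540002.3\tCx3\t10.0.0.7\t49154\t185.172.128.33\t80\ttcp
""".splitlines()


def file_hashes(data: bytes) -> dict:
    """Compute the four digests the report lists, lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report, so a truncated or
    otherwise altered copy of the sample is rejected rather than half-matched."""
    return file_hashes(data) == IOC_HASHES


def c2_hits(conn_log_lines) -> list:
    """Return one record per conn.log row whose responder IP is the C2.

    Matching is on IP only, with 'exact' flagging whether the port also agrees:
    a RedLine operator can re-key the port, so an IP hit on another port is
    still worth a look rather than being silently dropped.
    """
    hits = []
    for line in conn_log_lines:
        if not line.strip() or line.startswith("#"):
            continue  # blank line or Zeek header row
        f = line.split("\t")
        if len(f) < 6 or f[4] != C2[0]:
            continue
        hits.append({"src": f[2], "dst_port": int(f[5]),
                     "exact": int(f[5]) == C2[1]})
    return hits


if __name__ == "__main__":
    print("sample match:", matches_report(b"not the sample"))
    for h in c2_hits(CONN_LOG):
        print("C2 contact:", h)
```

The SSDEEP value is deliberately left out of the comparison: fuzzy hashing needs a third-party library, and a fuzzy match is a similarity score to triage, not a pass/fail check like the exact digests.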
Targets
-
Target
2f25790b3368b6afd35007dfe873e90a288cfce9d19758756b71fa6952a675f2.exe
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check so the stealer can avoid running on hosts in excluded regions.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
Sets the context of a thread in another process, a step used by process hollowing and similar injection techniques to redirect execution into injected code.
-
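As an added example (not part of the sandbox report or its signature engine), the following Python reproduces the logic behind the five behaviour signatures listed above as rules over an API trace. The trace is constructed for illustration; the registry paths are the standard Windows locations for the GeoID (Control Panel\International\Geo) and the Uninstall key, and the wallet directory names are assumed common targets, not something the report states about this sample.

```python
"""Added example: rules that mirror the report's behaviour signatures over a constructed API trace."""
import re

# Constructed API trace (not from the sandbox): (pid, api, argument string).
TRACE = [
    (1001, "RegQueryValueExW", r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"),
    (1001, "RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1001, "CreateFileW", r"C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    (1001, "WriteFile", r"C:\Users\user\AppData\Local\Temp\payload.exe"),
    (1001, "CreateProcessW", r"C:\Users\user\AppData\Local\Temp\payload.exe"),
    (1001, "SetThreadContext", "pid=1002 tid=2201"),
    (1002, "RegQueryValueExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
]

# GeoID location: HKCU\Control Panel\International\Geo (Nation holds the country code).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
# Installed-software enumeration reads the Uninstall key under CurrentVersion.
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\b", re.I)
# Assumed wallet locations; extend with whatever your own wallet inventory needs.
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Litecoin)\\|wallet\.dat$", re.I)
TARGET_PID = re.compile(r"pid=(\d+)")


def evaluate(trace) -> dict:
    """Map each signature name to the trace arguments that triggered it.

    'Executes dropped EXE' needs state: a CreateProcess fires only for a path the
    same process wrote earlier, which is what separates a drop-and-run from a
    launch of something that was already on disk.
    """
    fired = {}
    written = set()  # (pid, lowercase path) of executables this process wrote
    for pid, api, arg in trace:
        if api.startswith("RegQueryValueEx") and GEO_KEY.search(arg):
            fired.setdefault("Checks computer location settings", []).append(arg)
        elif api.startswith(("RegEnumKeyEx", "RegOpenKeyEx")) and UNINSTALL_KEY.search(arg):
            fired.setdefault("Checks installed software on the system", []).append(arg)
        elif api == "CreateFileW" and WALLET_PATH.search(arg):
            fired.setdefault("Accesses cryptocurrency files/wallets", []).append(arg)
        elif api == "WriteFile" and arg.lower().endswith(".exe"):
            written.add((pid, arg.lower()))
        elif api == "CreateProcessW" and (pid, arg.lower()) in written:
            fired.setdefault("Executes dropped EXE", []).append(arg)
        elif api == "SetThreadContext":
            # Only a context change on a thread owned by a different process is
            # suspicious; a process adjusting its own threads is ordinary.
            m = TARGET_PID.search(arg)
            if m and int(m.group(1)) != pid:
                fired.setdefault("Suspicious use of SetThreadContext", []).append(arg)
    return fired


if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(f"{name}: {evidence}")
```

A plain ProductName read or a SetThreadContext on the process's own thread fires nothing, which is the point of keying the rules on the specific key paths and on the caller/target PID mismatch rather than on the API name alone.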