General
Target: Updated-Ver-v319-04-27
Size: 7KB
Sample: 240630-1d5tgawdre
MD5: daef02f6b1316ad0e05d17060f1490cc
SHA1: 31c445c775a89734e75f93f4614dbdc5d7afd59b
SHA256: 544df7e0b35c825673c785c27e0bdda1f4559e4f3cef72615108d24f15ffbd58
SHA512: cb63884b1f8d4815b614e2d68eba192199f5021a2d64c536ff514a8fdbeca0d928cc45013da3d9c00fc3c45b0154d4e8aad0034f9c4894859d0b65d6f81202e5
SSDEEP: 96:3suWziM8mMAfjmZ/r4N/PJjeIJumKF95RZjieojwXZkDpkqP18Gmf:ut7m5WJjeeu1hkrWf
Static task: static1
Behavioral task: behavioral1
Sample: Updated-Ver-v319-04-27.html
Resource: win10-20240404-en

Malware Config
Extracted: redline
@hersgorid
94.228.166.68:80
Targets
Target: Updated-Ver-v319-04-27 (same file as under General; size and hashes as listed there)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext