General

Target: SetupMEXX.exe
Size: 365KB
Sample: 220512-t7j1jachf9
MD5: 7370ffed0230ae5356e8ae84124a3d1e
SHA1: 55ca5aaae35860b8cc10a6275183330c19ee192c
SHA256: c1206ad84bf49cd1dc2ed0a33cb97327fc6e54e630bacd3ddd0ba6751fde79b0
SHA512: bf17ee8f305edd9ab5f89bd6397af79c41b8a0d48d017e0f2e345f83d4c64bb0d44b372a089d591b0ea6aea8f429a403a050c7358f104bfd8156fb0d18900a25
Static task: static1
Behavioral task: behavioral1
Sample: SetupMEXX.exe
Resource: win7-20220414-en
Malware Config

Extracted
Family: redline
Botnet: 50n
C2: 193.106.191.190:23196
Attributes:
  auth_value: d61a9ba1568b3b8e34c959aa0f254969
Targets

Target: SetupMEXX.exe (365KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.