General
Target: 8b9a7ed495ca501b7e58496fc7c111d2d95d4e0a8a2061ea536d54622179c92f
Size: 443KB
Sample: 220817-gw38tabecl
MD5: 8cd3957c7d03f5df99476236cb9e69c7
SHA1: b6e43736323ffebfc2f2cbf98ab66f36b9dbf1fe
SHA256: 8b9a7ed495ca501b7e58496fc7c111d2d95d4e0a8a2061ea536d54622179c92f
SHA512: ce589fef3f6dce7bf14ea5da83e3c7704411e2dbdb704f2e015fe3abea8d39cba8527f746c11980bac4e1174109b81caa260ae315d7f012957b52b16b0095f45
SSDEEP: 1536:BzX3ZhygCEicBjzkpMAREbJFvgSswAcDB0oeUKu1KjRZBfqHiAa:jhpZFBjzcMAREbJFvgSswAcDleUK2ta
Static task: static1
Behavioral task: behavioral1
Sample: 8b9a7ed495ca501b7e58496fc7c111d2d95d4e0a8a2061ea536d54622179c92f.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
Lyla.04.08
185.215.113.216:21921
auth_value: 7f2bf6f810414d0f2fc0b3b8d54a76ac
Targets
Target: 8b9a7ed495ca501b7e58496fc7c111d2d95d4e0a8a2061ea536d54622179c92f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext