General
-
Target
a8d997ec0a35b5e1b9006dc4a90d4aa037c57ad3741f943e55bb473b468bc99b
-
Size
442KB
-
Sample
220826-wwantsghh3
-
MD5
678e0c01043f8ab78e96c6f0c6766964
-
SHA1
5d6b7ac73d01c2214eaec1d4c0fdc171f5121e4c
-
SHA256
a8d997ec0a35b5e1b9006dc4a90d4aa037c57ad3741f943e55bb473b468bc99b
-
SHA512
ffe90e168479544b4c465a8dc481d0c9a8306967b33408434681c241348cd6b69a182665c06c9f6e4f374dff5e399b7cd1d49c01458907e93edcc6ab61afcb25
-
SSDEEP
12288:Qx6BuMT9xTF5g/NvuqRr/ZEqMBEOXJFl1bbB0AiBr:Qx6oMT9xTF5glvuqNMmG1bbuAUr
Static task
static1
Behavioral task
behavioral1
Sample
setup.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
setup.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
megamillion
118.107.23.69:37132
-
auth_value
39bff8ca97cd0aebbdf6070fb26fa650
Targets
-
-
Target
setup.exe
-
Size
460KB
-
MD5
357e1c60b7ca2bdaf8abaae8e17f345d
-
SHA1
95ee4100cb534db9b4f03fa8585c53bb14e7bd46
-
SHA256
7dfa267590515ca9e121b4ec618f1fbb988d8bcbdfa4ad27d1fd48a019707812
-
SHA512
787d51928df94ccd100d095412c6b5482a1ad4770e0e5f0532fe053bc870cddb1d1611ef0347ba639f14afe85e7f20a564113a14faf949ffe9105ed7901d480b
-
SSDEEP
6144:aHKlQVdaSHW6Oyx1WtLZnSVcU7NNfA/hPbE5Phvy/pu6agye9oZfFXgfcGVR6+Mj:iWuj6tKcgfA/2vvQpPf2pgtuEN6qg
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-