General
Target: 85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c
Size: 243KB
Sample: 220911-vrss6sffhl
MD5: adc32857a8273fe0a68e50e241be0fd0
SHA1: 8d6055d1ad56b7d6f7d99e51e882567b9856bac1
SHA256: 85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c
SHA512: b3117ed3109f78029b415044d2726bbd00defeb186a41ae5eae595c17970c1ccd783e9d9cffc4892354980e485134aeb433f83ac39a34fe0aa880351e398353a
SSDEEP: 3072:3bDLoogbDINotmbDICogbDfboiFOK2WY2T62gViUUimBjzbObUnUmPXIWIBmk9Hl:btSQtotyUUPBjzbOm76uv9SG2
Static task: static1
Behavioral task: behavioral1
Sample: 85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
Family: redline
Botnet: Lyla.11.09
C2: 185.215.113.216:21921
auth_value: a1e5192e588aa983d678ceb4d6e0d8b5
Targets
Target: 85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext