General
-
Target
a580689cd00c223a0aebb6073af5b25e.exe
-
Size
133KB
-
Sample
220911-zrj89acbf8
-
MD5
a580689cd00c223a0aebb6073af5b25e
-
SHA1
f812e7b7227eee93d8aa945341348c76340803c6
-
SHA256
5d3ddea9135eedd444a8977713261b34cfaad6d761e987c771c839f516bb09aa
-
SHA512
a676053d09692167c113e8e8fa6737b39cee1dea9928bd172d0485f66eb6195d39e39b47cecb4966f3fb758d9d2d5ecd003e161f4aa3ac3ea0fb57f402bd89d3
-
SSDEEP
3072:hitR77ftnBjzi+KJI2Pbj7sTt8P7diSSadcGk1ZSvaGWp:hw79BjzQjPbj7gt8sYdTvaG
Static task
static1
Behavioral task
behavioral1
Sample
a580689cd00c223a0aebb6073af5b25e.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
a580689cd00c223a0aebb6073af5b25e.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Lyllkal.05.09
185.215.113.216:21921
-
auth_value
2df530f82cb4bd0f6bef5527a1d5de70
Targets
-
-
Target
a580689cd00c223a0aebb6073af5b25e.exe
-
Size
133KB
-
MD5
a580689cd00c223a0aebb6073af5b25e
-
SHA1
f812e7b7227eee93d8aa945341348c76340803c6
-
SHA256
5d3ddea9135eedd444a8977713261b34cfaad6d761e987c771c839f516bb09aa
-
SHA512
a676053d09692167c113e8e8fa6737b39cee1dea9928bd172d0485f66eb6195d39e39b47cecb4966f3fb758d9d2d5ecd003e161f4aa3ac3ea0fb57f402bd89d3
-
SSDEEP
3072:hitR77ftnBjzi+KJI2Pbj7sTt8P7diSSadcGk1ZSvaGWp:hw79BjzQjPbj7gt8sYdTvaG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-