General

Target: 02f39120cf2af18509b2c0fff30720f6.exe
Size: 164KB
Sample: 220913-wcvvnagbe3
MD5: 02f39120cf2af18509b2c0fff30720f6
SHA1: 8691a14f1446f9ae054ab8963f3261a614e67813
SHA256: 8779883519f92381535a03225ef0973412fdaa42d8a6becf179c7f69b8f91e23
SHA512: 9e6309ab852e9a4d9db39037ea1826998c69d8c842cc376329c2b967691b2701ce7b7b77813bf4fa96f37d2ba5cf6d17522def8dc914ca78381a8a608ce1e378
SSDEEP: 1536:Zt51pJxJn/PS1tblbr50vEwBjzktL/8Jt8MC5wwEn78rtajTm4H//gkp/zgLOCWo:Zt51pJxNShxRwBjziULwHR4TzXVpqIc
Static task
static1

Behavioral task
behavioral1
Sample: 02f39120cf2af18509b2c0fff30720f6.exe
Resource (sandbox VM image): win7-20220901-en

Behavioral task
behavioral2
Sample: 02f39120cf2af18509b2c0fff30720f6.exe
Resource (sandbox VM image): win10v2004-20220812-en
Malware Config

Extracted
Family: redline
Botnet: Lyla.11.09
C2: 185.215.113.216:21921
auth_value: a1e5192e588aa983d678ceb4d6e0d8b5
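The extracted configuration gives three things worth operationalising: the file hashes (to confirm a suspect file is this sample), the C2 endpoint (to search network telemetry), and the botnet name plus auth_value (to pivot across related samples). The script below is an added example, not part of the sandbox report. It copies those values from the report, streams a file through the same four digests, and scans connection-log lines for the C2. The log lines and their ts/src/sport/dst/dport/proto layout are constructed for the example; an exact host:port hit is reported separately from a host-only hit because the operator may move ports and the address may host unrelated services.

```python
# Added example for this report (not part of the sandbox output): turn the
# extracted RedLine indicators into a small triage helper. The hashes, C2
# endpoint, botnet name and auth_value are copied from the report; the
# connection-log lines below are constructed for the example.
import hashlib

# Indicators copied from the report above.
KNOWN_HASHES = {
    "md5": "02f39120cf2af18509b2c0fff30720f6",
    "sha1": "8691a14f1446f9ae054ab8963f3261a614e67813",
    "sha256": "8779883519f92381535a03225ef0973412fdaa42d8a6becf179c7f69b8f91e23",
    "sha512": "9e6309ab852e9a4d9db39037ea1826998c69d8c842cc376329c2b967691b2701"
              "ce7b7b77813bf4fa96f37d2ba5cf6d17522def8dc914ca78381a8a608ce1e378",
}
C2_HOST, C2_PORT = "185.215.113.216", 21921
# Campaign identifiers from the extracted config: useful for pivoting across
# samples in a malware corpus, not for matching network traffic.
BOTNET = "Lyla.11.09"
AUTH_VALUE = "a1e5192e588aa983d678ceb4d6e0d8b5"


def hashes_of_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in KNOWN_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hashes_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file on disk through the same digests so large files stay cheap."""
    hashers = {name: hashlib.new(name) for name in KNOWN_HASHES}
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(hashes: dict) -> set:
    """Return the digest algorithms whose value equals the report's sample."""
    return {name for name, value in hashes.items()
            if KNOWN_HASHES.get(name, "").lower() == value.lower()}


# Constructed connection-log lines (ts src_ip src_port dst_ip dst_port proto);
# not real traffic from this analysis.
CONN_LOG = """\
2022-09-13T10:41:02Z 10.0.0.15 49812 185.215.113.216 21921 tcp
2022-09-13T10:41:03Z 10.0.0.15 49813 142.250.74.78 443 tcp
2022-09-13T10:41:09Z 10.0.0.22 50122 185.215.113.216 80 tcp
""".splitlines()


def find_c2_hits(lines) -> list:
    """Flag connections to the extracted C2 as (line_no, confidence).
    host:port is high confidence; the host alone is weaker and kept separate."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than guess
        dst_ip, dst_port = fields[3], fields[4]
        if dst_ip == C2_HOST:
            hits.append((n, "exact" if dst_port == str(C2_PORT) else "host-only"))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, sorted(match_hashes(hashes_of_file(path))))
    print(find_c2_hits(CONN_LOG))
```

Run it with one or more file paths to compare them against the report's hashes; the SSDEEP value is not covered here because fuzzy-hash comparison needs the ssdeep library rather than hashlib.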
Targets

Target: 02f39120cf2af18509b2c0fff30720f6.exe (164KB; same file and hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate software on the system. Installers and inventory agents read the same key, so on its own this is a weak signal; it matters here in combination with the other signatures.

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state. Outside debuggers it is most often seen when a suspended process is repurposed to run injected code (process hollowing), which is why the sandbox flags it.
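The "Checks installed software" signature describes a registry access pattern that can be checked outside the sandbox as well. The script below is an added example, not part of the report or of any sandbox product: it reads a Process Monitor style CSV export (the rows here are constructed, not captured from this sample), extracts the per-product subkey from every registry operation under the Uninstall key in either view, and reports only processes that walked several distinct subkeys. The threshold is the practical caveat: an installer touching its own entry is normal, a burst across many products is the inventory behaviour the signature refers to.

```python
# Added example for this report (not sandbox output): flag processes that
# enumerate the Uninstall key from a Process Monitor style CSV export.
# The CSV rows are constructed for the example, not captured from this sample.
import csv
import io
import re
from collections import defaultdict

# Matches both the native and the WOW6432Node view of the Uninstall key and
# captures the per-product subkey name; the parent key itself does not match.
UNINSTALL_SUBKEY = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Constructed rows in Process Monitor's CSV export layout.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"10:41:01.100","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"
"10:41:01.101","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS"
"10:41:01.102","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS"
"10:41:01.103","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS"
"10:41:01.104","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 104.0 (x64 en-US)\DisplayName","SUCCESS"
"10:41:01.105","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion","SUCCESS"
"10:41:02.300","msiexec.exe","2210","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90160000-000F-0000-1000-0000000FF1CE}","SUCCESS"
"10:41:02.400","explorer.exe","1640","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS"
'''


def uninstall_enumerators(csv_text: str, min_keys: int = 3) -> dict:
    """Return {(process, pid): sorted subkeys} for processes that touched at
    least min_keys distinct Uninstall subkeys. One subkey is normal (an
    installer maintaining its own entry); many in a burst is the inventory
    pattern the sandbox signature describes."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if not row["Operation"].startswith("Reg"):
            continue  # file, process and network events are irrelevant here
        m = UNINSTALL_SUBKEY.search(row["Path"])
        if m:
            seen[(row["Process Name"], row["PID"])].add(m.group(1))
    return {proc: sorted(keys) for proc, keys in seen.items() if len(keys) >= min_keys}


if __name__ == "__main__":
    for (name, pid), keys in uninstall_enumerators(PROCMON_CSV).items():
        print(f"{name} (PID {pid}) enumerated {len(keys)} products: {keys}")
```

To use it on a real capture, export the Process Monitor trace as CSV with the default columns and pass the file contents in place of PROCMON_CSV; tune min_keys against a baseline of the host's own inventory and update agents before treating hits as actionable.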