General
Target: 35557a3d1a90bdd05dab601b81ef886b.exe
Size: 207KB
Sample: 220913-wd1gjacaaq
MD5: 35557a3d1a90bdd05dab601b81ef886b
SHA1: b49f1df1e56c904162db24c187446ad0f8ed0873
SHA256: eb2fbb6206ae3f6783291e3bce4c451c20093ca6777fb769c19aecd1f3a3a36e
SHA512: 5be3106a6f5e5f5021fe2b2a71334beacc46ef9e84649885dc293896e8738f0f8f02c3279142b19a11a269989acd9f6ab96eb086119c3629e6c2eb26b69f8bd8
SSDEEP: 6144:kMK8BjzFwFVb+LkEu+zRhU9dR9pexYL6qsEOQL:pJlwFVb+LkEu+0dR9pCry
Static task: static1
Behavioral task: behavioral1
Sample: 35557a3d1a90bdd05dab601b81ef886b.exe
Resource: win7-20220812-en
Malware Config
Extracted
redline
sep10as1
185.215.113.122:15386
auth_value: e45012eae57b2e57b34752fc802550c3
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext