General
Target: 2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564
Size: 228KB
Sample: 220913-wtmwdagce5
MD5: 665caec5d39eaaa9e592b4edb78b3723
SHA1: 5b8a726a72aecf7746bfdb085cbd72d05d129ec1
SHA256: 2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564
SHA512: 51b2d7543590f7665e33983a726a14f8ea2bd6ff7e1546d0340c96b605e0b5bc8ee269faba934b1e3da8b9fa066b86cf9765556ccbaab0313063378a1d80060c
SSDEEP: 6144:ue05uwL2gMxrBjzUOzL9F0xrc+jdVuZFu:ue0owL27t75N
Static task: static1
Behavioral task: behavioral1
Sample: 2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
Lyla.11.09
185.215.113.216:21921
auth_value: a1e5192e588aa983d678ceb4d6e0d8b5
Targets
Target: 2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext