General
-
Target
fb0650144a62da9db5c1427640486c81ca82ce7873f618b4059da65a32884515
-
Size
144KB
-
Sample
220915-e1slrsbhg6
-
MD5
8358f35acc59fcf23ae3385738575ef2
-
SHA1
153d9b242f17b9b17bd1c52de88ef9da628a1bd1
-
SHA256
fb0650144a62da9db5c1427640486c81ca82ce7873f618b4059da65a32884515
-
SHA512
90d5d284cbe1d6a53b4e017d05cd2bd773ff09868ad4654408c9fdf4ae5b124e75357fab0aa709c07ccdae143eca03da05ad4fc5fb43797ffe9f7605829bf69d
-
SSDEEP
1536:m0u3iJ2UUZ/ERBjzkQvNR5UDl+0W/QZiEPaMhFveYtQMsKFGP2UM4i:mhUUWRBjzFvL5U+f/Q+svDQMsKL
Static task
static1
Behavioral task
behavioral1
Sample
fb0650144a62da9db5c1427640486c81ca82ce7873f618b4059da65a32884515.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Lyla.11.09
185.215.113.216:21921
-
auth_value
a1e5192e588aa983d678ceb4d6e0d8b5
Targets
-
-
Target
fb0650144a62da9db5c1427640486c81ca82ce7873f618b4059da65a32884515
-
Size
144KB
-
MD5
8358f35acc59fcf23ae3385738575ef2
-
SHA1
153d9b242f17b9b17bd1c52de88ef9da628a1bd1
-
SHA256
fb0650144a62da9db5c1427640486c81ca82ce7873f618b4059da65a32884515
-
SHA512
90d5d284cbe1d6a53b4e017d05cd2bd773ff09868ad4654408c9fdf4ae5b124e75357fab0aa709c07ccdae143eca03da05ad4fc5fb43797ffe9f7605829bf69d
-
SSDEEP
1536:m0u3iJ2UUZ/ERBjzkQvNR5UDl+0W/QZiEPaMhFveYtQMsKFGP2UM4i:mhUUWRBjzFvL5U+f/Q+svDQMsKL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-