General

Target: 12cacdee2734ea6367c4dbcbaf3ec0b5.exe
Size: 169KB
Sample: 220916-j5jxmsaggq
MD5: 12cacdee2734ea6367c4dbcbaf3ec0b5
SHA1: 30d631de6f5e0368a5105055ddf8ace224a0cbed
SHA256: cd2e85e7e4bd93de995663d0dd6737ecaf38948b886e64ce14815fb155e32e1b
SHA512: e7d3adf16640b3e70e4c48aa9080b5c8c83ca7c03673ca72a306cdc027b15b0de9d5e1c551c46a8d9dbf3d44c11f6384ed9c922355005b06b4a912a6b1f93551
SSDEEP: 3072:NFP9GhxwVtZCrTT1BjzHcq7YUQIrcmINRYNCPEe:X9OwrMxBjzH+eoR9j
Static task: static1
Behavioral task: behavioral1 (Sample: 12cacdee2734ea6367c4dbcbaf3ec0b5.exe, Resource: win7-20220901-en)
Behavioral task: behavioral2 (Sample: 12cacdee2734ea6367c4dbcbaf3ec0b5.exe, Resource: win10v2004-20220812-en)
Malware Config

Extracted
Family: redline
Botnet: Lyla3.12.09
C2: 185.215.113.216:21921
Attributes:
auth_value: 893298c4bebea403e4a59dd151c4fcc2
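The C2 endpoint in the extracted config is the most directly actionable indicator on this page. As an added example (not part of the sandbox report), the Python below scans Zeek conn.log records for traffic to 185.215.113.216:21921 and separates exact C2 hits from connections to the same host on other ports; the log lines are constructed for the example and the "c2"/"host" confidence labels are this example's own convention.

```python
"""Flag connections to the RedLine C2 from the extracted config in Zeek conn.log lines.

Added example, not code from the sandbox or the malware. Only the C2 address and
port come from the report; the log records below are constructed sample data.
"""
from dataclasses import dataclass

# From the extracted RedLine config on this page.
C2_IP = "185.215.113.216"
C2_PORT = 21921

# Constructed Zeek conn.log lines (tab-separated, default order of the first
# eleven columns: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service
# duration orig_bytes resp_bytes). Sample data, not real traffic.
SAMPLE_CONN_LOG = """\
1663320001.123456\tCabc1\t10.0.0.15\t51022\t185.215.113.216\t21921\ttcp\t-\t12.5\t4096\t2048
1663320002.000000\tCabc2\t10.0.0.15\t51023\t93.184.216.34\t443\ttcp\tssl\t1.1\t512\t9000
1663320003.500000\tCabc3\t10.0.0.22\t60211\t185.215.113.216\t80\ttcp\thttp\t0.4\t300\t700
1663320004.250000\tCabc4\t10.0.0.15\t51024\t185.215.113.216\t21921\ttcp\t-\t0.0\t0\t0
"""


@dataclass
class Hit:
    ts: float
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str  # "c2": exact ip:port match; "host": same IP, other port


def parse_conn_line(line):
    """Return the fields this check needs, or None for headers/short lines."""
    if line.startswith("#"):
        return None
    f = line.rstrip("\n").split("\t")
    if len(f) < 7:
        return None
    return {"ts": float(f[0]), "uid": f[1], "src": f[2], "sport": int(f[3]),
            "dst": f[4], "dport": int(f[5]), "proto": f[6]}


def find_c2_hits(log_text, c2_ip=C2_IP, c2_port=C2_PORT):
    """Every record whose responder is the C2 host; exact ip:port gets 'c2'."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_conn_line(line)
        if rec is None or rec["dst"] != c2_ip:
            continue
        exact = rec["dport"] == c2_port and rec["proto"] == "tcp"
        hits.append(Hit(rec["ts"], rec["uid"], rec["src"], rec["dst"],
                        rec["dport"], "c2" if exact else "host"))
    return hits


def infected_hosts(hits):
    """Source addresses with at least one exact C2 match."""
    return sorted({h.src for h in hits if h.confidence == "c2"})


if __name__ == "__main__":
    hits = find_c2_hits(SAMPLE_CONN_LOG)
    for h in hits:
        print(f"{h.ts:.3f} {h.uid} {h.src} -> {h.dst}:{h.dport} [{h.confidence}]")
    print("hosts with C2 traffic:", infected_hosts(hits))
```

A zero-byte record to the C2 (a SYN that was reset or timed out, like the last sample line) is still an exact match: the infected host tried to check in even if the server was down. Connections to the IP on other ports are kept as weaker "host" hits because a RedLine C2 address is specific to a build and the same server may be reused with a different port.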
Targets

Target: 12cacdee2734ea6367c4dbcbaf3ec0b5.exe
Size: 169KB
MD5: 12cacdee2734ea6367c4dbcbaf3ec0b5
SHA1: 30d631de6f5e0368a5105055ddf8ace224a0cbed
SHA256: cd2e85e7e4bd93de995663d0dd6737ecaf38948b886e64ce14815fb155e32e1b
SHA512: e7d3adf16640b3e70e4c48aa9080b5c8c83ca7c03673ca72a306cdc027b15b0de9d5e1c551c46a8d9dbf3d44c11f6384ed9c922355005b06b4a912a6b1f93551
SSDEEP: 3072:NFP9GhxwVtZCrTT1BjzHcq7YUQIrcmINRYNCPEe:X9OwrMxBjzH+eoR9j
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext overwrites the register state of a thread. Ordinary applications almost never need it, while loaders use it to point a suspended thread at injected code (process hollowing and related injection), which is why a sandbox flags the call on its own.