General
-
Target
9547dd1fc88dc8cef6210d82b3ed0ad8.exe
-
Size
145KB
-
Sample
220916-jbtjzsehh7
-
MD5
9547dd1fc88dc8cef6210d82b3ed0ad8
-
SHA1
38eedb531c5ecab6fd3d3f585d7760ee4c5b2d81
-
SHA256
d9f03a142d11c22b9a4d6f672d4d2733d01b9ef3a7d4760910f7c1f766daef0e
-
SHA512
23751bad429149f3e0e0507a62ab043a1dd914ad9f5ff630024e452d9538feadbb257121b43fbc7adb7e937262155410028db4895c6ff9a21bafc681ca770ea4
-
SSDEEP
3072:Y7osI+wJBjzFpTfiP16pNydXSy26+dZCSfwXR4lAmwyktPIX:E9aBjzFpT6N6bydO9RUi
Static task
static1
Behavioral task
behavioral1
Sample
9547dd1fc88dc8cef6210d82b3ed0ad8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
9547dd1fc88dc8cef6210d82b3ed0ad8.exe
Resource
win10v2004-20220901-en
Malware Config
Extracted
redline
Lyla3.12.09
185.215.113.216:21921
-
auth_value
893298c4bebea403e4a59dd151c4fcc2
Targets
-
-
Target
9547dd1fc88dc8cef6210d82b3ed0ad8.exe
-
Size
145KB
-
MD5
9547dd1fc88dc8cef6210d82b3ed0ad8
-
SHA1
38eedb531c5ecab6fd3d3f585d7760ee4c5b2d81
-
SHA256
d9f03a142d11c22b9a4d6f672d4d2733d01b9ef3a7d4760910f7c1f766daef0e
-
SHA512
23751bad429149f3e0e0507a62ab043a1dd914ad9f5ff630024e452d9538feadbb257121b43fbc7adb7e937262155410028db4895c6ff9a21bafc681ca770ea4
-
SSDEEP
3072:Y7osI+wJBjzFpTfiP16pNydXSy26+dZCSfwXR4lAmwyktPIX:E9aBjzFpT6N6bydO9RUi
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-