General
Target: samuelzx.exe
Size: 748KB
Sample: 220920-jajcmaccd3
MD5: bc50206551400cd578d40ad82dc8acec
SHA1: 91aef315ae4eb1b3b0bf351a7aed9e6b3ec6fcf0
SHA256: 6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6
SHA512: 110c7ebd538ae43b2b533187c8248ee107f8a4f373cf727f54241aa8d6e1934c257384d07f0fec19d278ba44ada1aed5b6eccf2615b60c8158e0c23a3bece984
SSDEEP: 6144:8eWN4alYBW+vEdnUPjdjcqBEL+aH0rqmkkiXig9C+3gBhbVXp2sdC2OrSwRh3PtE:8Tyaicz2Pje4E/UrRTg9CjbL24mrl
Static task: static1
Behavioral task: behavioral1
Sample: samuelzx.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: redline
Botnet: sirus
C2: 147.124.223.126:4444
Targets
Target: samuelzx.exe
Size: 748KB
MD5: bc50206551400cd578d40ad82dc8acec
SHA1: 91aef315ae4eb1b3b0bf351a7aed9e6b3ec6fcf0
SHA256: 6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6
SHA512: 110c7ebd538ae43b2b533187c8248ee107f8a4f373cf727f54241aa8d6e1934c257384d07f0fec19d278ba44ada1aed5b6eccf2615b60c8158e0c23a3bece984
SSDEEP: 6144:8eWN4alYBW+vEdnUPjdjcqBEL+aH0rqmkkiXig9C+3gBhbVXp2sdC2OrSwRh3PtE:8Tyaicz2Pje4E/UrRTg9CjbL24mrl
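The hashes and the extracted C2 above are the actionable part of this report. The following Python is an added example, not part of the sandbox report and not RedLine's own code: it hashes a candidate file with all four algorithms in one pass, compares the digests against the report's values, validates the config's "host:port" string, and emits a Suricata rule for the C2 endpoint. The rule text and sid are this example's own choices; SSDEEP is not compared because fuzzy hashing needs the external ssdeep library.

```python
"""Triage check built from the identifiers in this report (added example, not part of the report)."""
from __future__ import annotations

import hashlib
import ipaddress

# Indicators copied from the report above (sample samuelzx.exe, Triage id 220920-jajcmaccd3).
REPORT_HASHES = {
    "md5": "bc50206551400cd578d40ad82dc8acec",
    "sha1": "91aef315ae4eb1b3b0bf351a7aed9e6b3ec6fcf0",
    "sha256": "6a69706b050bfe1384d7a09c1e61b567171a71be82e43bf377b095762f28eee6",
    "sha512": (
        "110c7ebd538ae43b2b533187c8248ee107f8a4f373cf727f54241aa8d6e1934c"
        "257384d07f0fec19d278ba44ada1aed5b6eccf2615b60c8158e0c23a3bece984"
    ),
}
REPORT_C2 = "147.124.223.126:4444"
# SSDEEP is not checked here: fuzzy-hash comparison needs the external ssdeep library.

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict[str, str]:
    """Return lower-case hex digests of data for every algorithm listed in the report."""
    digests = {name: hashlib.new(name) for name in HASH_ALGOS}
    for d in digests.values():
        d.update(data)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file through all four digests at once instead of reading it four times."""
    digests = {name: hashlib.new(name) for name in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def match_hashes(observed: dict[str, str], reference: dict[str, str] = REPORT_HASHES) -> list[str]:
    """Names of the algorithms whose observed digest equals the report's value (case-insensitive)."""
    return sorted(name for name, value in observed.items() if reference.get(name) == value.lower())


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'host:port' as printed in the config; reject anything that is not an IP plus a valid port."""
    host, sep, port_text = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # strips IPv6 brackets; raises on non-IP hosts
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def is_c2_connection(dst_ip: str, dst_port: int, c2: str = REPORT_C2) -> bool:
    """True when a (destination ip, port) pair equals the extracted C2 endpoint."""
    ip, port = parse_c2(c2)
    return ipaddress.ip_address(dst_ip) == ipaddress.ip_address(ip) and dst_port == port


def suricata_rule(c2: str = REPORT_C2, sid: int = 9000001) -> str:
    """Outbound-connection alert for the C2; the sid and message text are this example's choices."""
    ip, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"RedLine C2 {ip}:{port} (sample 220920-jajcmaccd3)"; '
        f'flow:to_server; sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    # Constructed input: these bytes are not the sample, so no hash should match.
    print(match_hashes(hash_bytes(b"constructed placeholder, not samuelzx.exe")))
    print(parse_c2(REPORT_C2))
    print(suricata_rule())
```

Run hash_file() against a suspect binary and feed the result to match_hashes(); a match on SHA256 alone is sufficient, the MD5 and SHA1 values are kept only because older feeds still key on them. The C2 rule is on an IP and port that can be re-used by other tenants of that host, so treat a hit as a pivot point rather than proof of infection.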
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as a subscription service on underground forums and collects browser-saved credentials and cookies, cryptocurrency wallet files, and client data from applications such as FTP and VPN clients, then sends the results over a TCP channel to the operator's C2, which for this sample is the 147.124.223.126:4444 endpoint in the extracted config.

RedLine payload
Signatures observed:
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to build an inventory of installed software, which the stealer includes in the system profile it reports to the C2.
- Drops file in System32 directory.
- Suspicious use of SetThreadContext: on its own this is only a heuristic, since debuggers and some legitimate runtimes call it too, but in a stealer it usually marks process hollowing (a child process created suspended, its image overwritten with WriteProcessMemory, SetThreadContext used to point the main thread at the new entry point, then ResumeThread). The report does not identify the targeted process, so check the behavioral task's process tree for a child that was created suspended.
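Because SetThreadContext is a weak signal by itself, a practitioner wants to see whether the full hollowing chain is present before escalating. The following Python is an added example, not taken from the report or from any sandbox's detection logic: it parses a per-process API trace and distinguishes the complete create-suspended / WriteProcessMemory / SetThreadContext / ResumeThread chain from a bare SetThreadContext call. The trace format, pids, handle values and paths are constructed for this example, and handles are written as the pid or tid they refer to so the lines stay readable.

```python
"""Tell process hollowing apart from a lone SetThreadContext call in an API trace (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit from the Win32 CreateProcess API

# Constructed trace, not output from the report's behavioral task. Assumed line format:
#   <pid> <Api>(<name>=<value>, ...) -> <return>
# Handles are written as the pid/tid they refer to, to keep the example readable.
SAMPLE_TRACE = r"""
1234 CreateProcessW(lpApplicationName="C:\placeholder\victim.exe", dwCreationFlags=0x4) -> pid=5678 tid=5680
1234 NtUnmapViewOfSection(hProcess=5678, BaseAddress=0x400000) -> 0
1234 VirtualAllocEx(hProcess=5678, lpAddress=0x400000, dwSize=0x1e000, flProtect=0x40) -> 0x400000
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x400000, nSize=0x200) -> 1
1234 WriteProcessMemory(hProcess=5678, lpBaseAddress=0x401000, nSize=0x1c000) -> 1
1234 SetThreadContext(hThread=5680) -> 1
1234 ResumeThread(hThread=5680) -> 0
4321 CreateProcessW(lpApplicationName="C:\placeholder\debuggee.exe", dwCreationFlags=0x0) -> pid=9999 tid=9990
4321 GetThreadContext(hThread=9990) -> 1
4321 SetThreadContext(hThread=9990) -> 1
"""

LINE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)\((?P<args>.*)\) -> (?P<ret>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|[^,\s]+)')


@dataclass
class Event:
    pid: str
    api: str
    args: dict[str, str]
    ret: dict[str, str]


def parse_trace(text: str) -> list[Event]:
    """Parse trace lines; lines that do not follow the assumed format are skipped."""
    events: list[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = {k: v.strip('"') for k, v in KV_RE.findall(m["args"])}
        ret = dict(KV_RE.findall(m["ret"])) or {"value": m["ret"].strip()}
        events.append(Event(m["pid"], m["api"], args, ret))
    return events


@dataclass
class InjectionState:
    """What one parent process has done to its most recently created child."""
    child_pid: str | None = None
    child_tid: str | None = None
    suspended: bool = False
    wrote: bool = False
    set_context: bool = False
    resumed: bool = False


def analyze(events: list[Event]) -> dict[str, InjectionState]:
    """Track, per parent pid, the create-suspended / write / SetThreadContext / resume chain."""
    state: dict[str, InjectionState] = {}
    for ev in events:
        st = state.setdefault(ev.pid, InjectionState())
        if ev.api.startswith("CreateProcess"):
            flags = int(ev.args.get("dwCreationFlags", "0"), 16)
            st.child_pid, st.child_tid = ev.ret.get("pid"), ev.ret.get("tid")
            st.suspended = bool(flags & CREATE_SUSPENDED)
            st.wrote = st.set_context = st.resumed = False  # new child, new chain
        elif ev.api == "WriteProcessMemory" and ev.args.get("hProcess") == st.child_pid:
            st.wrote = True
        elif ev.api == "SetThreadContext" and ev.args.get("hThread") == st.child_tid:
            st.set_context = True
        elif ev.api == "ResumeThread" and ev.args.get("hThread") == st.child_tid and st.set_context:
            st.resumed = True
    return state


def verdict(st: InjectionState) -> str:
    """Full chain => hollowing; a bare SetThreadContext (debuggers do this too) => weaker signal."""
    if st.suspended and st.wrote and st.set_context and st.resumed:
        return "process_hollowing"
    if st.set_context:
        return "set_thread_context"
    return "clean"


def findings(text: str) -> list[tuple[str, str]]:
    """(parent pid, verdict) for every parent that showed a SetThreadContext-based signal."""
    return [(pid, verdict(st)) for pid, st in analyze(parse_trace(text)).items() if verdict(st) != "clean"]


if __name__ == "__main__":
    for pid, v in findings(SAMPLE_TRACE):
        print(pid, v)
```

The state machine only remembers a parent's most recent child, which is enough for the one-shot hollowing a stealer performs; a loader that spawns several children would need one InjectionState per child handle. The NtUnmapViewOfSection and VirtualAllocEx lines are parsed but not scored, since some hollowing variants skip them.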