General
-
Target
b2c1e70f30e4d975f591d4e91bc6ba75983a0febff66dcb8a046f0a20776e11b
-
Size
3.1MB
-
Sample
220928-zatrcsabdj
-
MD5
017cf69e1b85d3ea820a41f8b86eba76
-
SHA1
48e0282ab8ba28b25c851a0e8bb42d7403740a9e
-
SHA256
b2c1e70f30e4d975f591d4e91bc6ba75983a0febff66dcb8a046f0a20776e11b
-
SHA512
b203a68e8e879920e36e24e076c1e9ed892b6d031bff9acc6d2390612c9b34d34fcc1442dd65c7e7ec85bf25cc31b26f08c2e800edeb1e51c6591b2ac2dce2a2
-
SSDEEP
12288:3iYImGPztYZPNwUPaa2qk+LFCxviVJ4bZSc:SYazmZ1wUn20xCxv6J+Z
Static task
static1
Behavioral task
behavioral1
Sample
b2c1e70f30e4d975f591d4e91bc6ba75983a0febff66dcb8a046f0a20776e11b.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Lyla.22.09
185.215.113.216:21921
-
auth_value
2f19888cb6bad7fdc46df91dc06aacc5
Targets
-
-
Target
b2c1e70f30e4d975f591d4e91bc6ba75983a0febff66dcb8a046f0a20776e11b
-
Size
3.1MB
-
MD5
017cf69e1b85d3ea820a41f8b86eba76
-
SHA1
48e0282ab8ba28b25c851a0e8bb42d7403740a9e
-
SHA256
b2c1e70f30e4d975f591d4e91bc6ba75983a0febff66dcb8a046f0a20776e11b
-
SHA512
b203a68e8e879920e36e24e076c1e9ed892b6d031bff9acc6d2390612c9b34d34fcc1442dd65c7e7ec85bf25cc31b26f08c2e800edeb1e51c6591b2ac2dce2a2
-
SSDEEP
12288:3iYImGPztYZPNwUPaa2qk+LFCxviVJ4bZSc:SYazmZ1wUn20xCxv6J+Z
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-