General
- Target: UpDateMs.exe
- Size: 239KB
- Sample: 221003-fyms6shda6
- MD5: daacc4b2ee305e1a7bedebad15a3ce39
- SHA1: af59e7f1bc20c297b0b8bbc886644f7a8d2dc413
- SHA256: 8a60e80c171ee85d6849e22dcae7ca4cb75d76156f2595286cc31d8daed9cc1f
- SHA512: 0448ba3566786c26845e649a9299e09c164ee958b825e73c8dcedd75e2f3c25512b9b4d45ed1f828e60e504d72760020b4a92389cf8275d4af48cfc1b1cdd30e
- SSDEEP: 3072:hfTc4AW5W96tyD07mlfTtzF6AMrLkf+o+cVA7Mn0YZBCNo1wAfLp97vI0HbqLBEB:hw497407mlfTtRpeLYAcwgoo1wAf
Static task
- static1

Behavioral task
- behavioral1
- Sample: UpDateMs.exe
- Resource: win7-20220901-it

Malware Config
Extracted
- Family: redline
- Botnet: KAY
- C2: 4.tcp.eu.ngrok.io:10490
Targets
- Target: UpDateMs.exe
- Size: 239KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext