General
  Target: WhatsApp.zip
  Size: 2.0MB
  Sample: 221003-j15csaeeb5
  MD5: 7a7d89ac4d82aa7795f2b9f1a31e5af7
  SHA1: 61be942a4a1cc9db6fe9bada4ee4bddba5b70d90
  SHA256: 7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc
  SHA512: 65cb69df22f21538373b1eeb4d1078c65a19fec26e1ad2433049e8f264d2c267749276c7efe3c7a718a4dc272387b31917b515eccc2d103a5ff435a2ebd7ad34
  SSDEEP: 24576:S8d0uPJoYYRUg0A+iV7iC5xRpwHotUFUAsGWV18wr+tNUtdkP74cvUv2R:S8OuXYR1R+iViyijyjVhWmtCPyv2R
Static task: static1

Behavioral task: behavioral1
  Sample: WhatsApp/WhatsApp.exe
  Resource: win7-20220812-en
Malware Config
Extracted
  redline
  WS-30
  38.91.100.57:32750
  auth_value: 28ec3879b1ff499f6d9b6d3735d23e33
Targets
  Target: WhatsApp/WhatsApp.exe
  Size: 700.0MB
  MD5: eed6f462fa1726e08e0484b390ca06b0
  SHA1: 8e70784980600025bbc4fa69498e001c65455a8e
  SHA256: 658b0fd44002ad353d0cf9cb604e9b8cfcad04a3d221c5133bcf6872bca73577
  SHA512: af67542f607afbe0f00de61c4d672b2736a375bd484d445cdd4c1e76407467babdb633849f16bbe411cd87f4194ba4024cdca82a1f8d58339c10d4c972903b9e
  SSDEEP: 12288:Fwe20JjM2oJNVmnWZQzjFeM6DJOjB9sTTHyW8PCVmGZqfOTP/cBtApi2b3r:FnRqVmnYQb6VOKyKg6b3r
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of SetThreadContext