General
Target: eira.zip
Size: 1.5MB
Sample: 221010-kbrwtsbdbp
MD5: 0d6a424f41bfa4d706ff7449859e8862
SHA1: eae88fa09c19ae95915237906d9a6e96fddefb9f
SHA256: 43fcbced48b47166f1e3076c6e67a9fa24994777ae13d9420c4865f01292f8b4
SHA512: ad539faec6821994dff9a52d700ecff3393248729a536d6f7c76e03c8062878a5e675449290f72c7cfafd07d98767cda2c3568c2df38b150b35e65ec7ea6b32b
SSDEEP: 24576:YwYpkzWoerv77sRJ1YUqxyFFLeRK012zec6G7ozvJW+VtCVDF4YAVI27K66dUls:YwY577sJPLeYsYeOEzvg+raDGYuIRUls
Static task
static1

Behavioral task
behavioral1
Sample: MicrosoftRuntimeComponents.exe
Resource: win7-20220901-en

Behavioral task
behavioral2
Sample: MicrosoftRuntimeComponents.exe
Resource: win10-20220812-en

Behavioral task
behavioral3
Sample: MicrosoftRuntimeComponents.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted
redline
4
65.108.208.77:7079
auth_value: 5960e9132cc19aa61f05cfde86bd2272
Targets
Target: MicrosoftRuntimeComponents.exe
Size: 833.5MB
MD5: ad71745bcb2bb1d4a79ec5c75062d09b
SHA1: 4545aecb1eb4c1a24641512b90b66782fea36fc9
SHA256: a91873b251e1715b1e8b08e11625ff41299101145532ec7d2dfc2a388e3ba7b0
SHA512: 47f8bc782f58bcf469dee10ec729e919be561dc21c74231516aca3451b989381ed70b30629575a182a9e4f93f17f085ef468003d2480b003e9ac710af9ec1dfa
SSDEEP: 12288:GnjoJLD6/JnWZQzjFeM6DJOjB9sTTHymtrGj2PLpKDqXt1M4fN1rslbEpWxUF3HM:CnYQb6VOOiqE+U4fNRzHOS
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext