General
Target: 1666098829.rar
Size: 444KB
Sample: 221018-qs5rxafhg6
MD5: b7f595275670cbac280a124f75198061
SHA1: 1c81d12ffcc9e22542ef905dfe41a53e7808bb54
SHA256: 60e6150a46a65c937b5370fd2615b779a59d4a4e64edc345172403e7a390ec02
SHA512: a5da2fc387dc3b4a5b97a2a973cf04cf46aea88baeea690bd21218feedd6d8149b6b0cbf299b96e2ad4679ef1e9ddfc310ebd73f617acde23db27d11ef795649
SSDEEP: 12288:q4/zHmzmRNQBIRgwlkUCf7DtIfX7VZRCmpncQ:hymrQieiJOpKXfkmpcQ
Behavioral tasks
behavioral1: About/About.pdf on win7-20220812-en
behavioral2: About/About.pdf on win10-20220812-en
behavioral3: About/About.pdf on win10v2004-20220901-en
behavioral4: MetaLauncher.exe on win7-20220812-en
behavioral5: MetaLauncher.exe on win10-20220812-en
behavioral6: MetaLauncher.exe on win10v2004-20220901-en
Malware Config
Extracted
Family: redline
Botnet: cryptex
C2: 185.106.93.212:5616
auth_value: 37d14024d256c3c1402d889a89376087
Targets
Target: About/About.pdf
Size: 185KB
MD5: f8e98d604f7c63275ee8739708345baf
SHA1: 218bb6ab3a6b4899c22ae798691c30acfe423a7c
SHA256: dafccfc02c2ad502683ddf61224d6d66eba1e6d5ba13a92b15381af51bb4715a
SHA512: 05076043c463a3483cd6be000407ba6a5641413a4e0928b2ea1f6ab84bf2b1244c6737b221be7dc9db7a1ea8fc5ea2c34782307babe77916d33ae6cb19b6de05
SSDEEP: 3072:GdbzlBgmxq3pSxw8FE92HVePu0kiFRiNifT9hQfmRcUQ88k4YLs3L2yFAVxVRjKm:GdbvTq3Mk21GuUFENYTsmRcOoY46yFAV
Score: 1/10
Target: MetaLauncher.exe
Size: 700.5MB (a 700.5MB file that fits inside the 444KB archive above is almost entirely repeated filler; the padding inflates the file past the size limits of many scanners, so hash and match the file exactly as delivered rather than assuming a trimmed copy)
MD5: 600237ec7d74cb6b528867f26ae33977
SHA1: 37908809d150700feb0f8eee0ed9c8274c6d35ed
SHA256: 588b0421021a7380c20b270c5262d6fc99294e186e9bebb78aaa255486fe449a
SHA512: 3967de420952bba8f3b390be6f7de0420ea31d3411b4922eee5b74e961bc4ac72c5b79aeab4f1c89bb09d6b84a80e5be4db655d04045114bfbf5ecb7a0d4e635
SSDEEP: 12288:dwSfhUzOJgt7O3iu2qh/pyVCfY9JvaS1p5eB7A:/hUzKgQ3zjS5dDeBM
Score: 10/10
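The archive, target and config fields above turned into validated, machine-usable IOCs, as an added example that is not from the original report or from any sandbox vendor's tooling. It copies the page's values into a Python structure, rejects malformed hashes and an implausible C2 socket before they reach a blocklist, flags the size anomaly (a 700.5MB member in a 444KB archive cannot be a genuine PE and must be padding), and emits a YARA rule for the high-score target. The score cut-off of 7, the 20x inflation threshold and the rule name are this example's own assumptions.

```python
"""Turn the sandbox report above into validated IOCs.

Added example, not part of the original report or of any vendor's tooling.
Values in REPORT are copied from the page; the thresholds are assumptions.
"""
import ipaddress
import json
import re

KB, MB = 1024, 1024 * 1024

# Copied from the report above (sizes as reported, rounded to the unit shown).
REPORT = {
    "archive": {"name": "1666098829.rar", "size_bytes": 444 * KB},
    "targets": [
        {"name": "About/About.pdf", "size_bytes": 185 * KB, "score": 1,
         "md5": "f8e98d604f7c63275ee8739708345baf",
         "sha1": "218bb6ab3a6b4899c22ae798691c30acfe423a7c",
         "sha256": "dafccfc02c2ad502683ddf61224d6d66eba1e6d5ba13a92b15381af51bb4715a"},
        {"name": "MetaLauncher.exe", "size_bytes": int(700.5 * MB), "score": 10,
         "md5": "600237ec7d74cb6b528867f26ae33977",
         "sha1": "37908809d150700feb0f8eee0ed9c8274c6d35ed",
         "sha256": "588b0421021a7380c20b270c5262d6fc99294e186e9bebb78aaa255486fe449a"},
    ],
    "config": {"family": "redline", "botnet": "cryptex", "c2": "185.106.93.212:5616",
               "auth_value": "37d14024d256c3c1402d889a89376087"},
}

HASH_LEN = {"md5": 32, "sha1": 40, "sha256": 64}
HEX = re.compile(r"^[0-9a-f]+$")


def valid_hashes(target):
    """Keep only hash fields that are lowercase hex of the right length.
    A truncated or mistyped hash silently matches nothing, so drop it here."""
    out = {}
    for algo, length in HASH_LEN.items():
        h = target.get(algo, "").lower()
        if len(h) == length and HEX.match(h):
            out[algo] = h
    return out


def parse_c2(c2):
    """'ip:port' -> (ip string, port). Rejects out-of-range ports and
    non-routable addresses, which would indicate a copy error in the report."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 {c2!r}")
    ip = ipaddress.ip_address(host)
    port = int(port)
    if not 0 < port < 65536 or ip.is_private or ip.is_loopback or ip.is_unspecified:
        raise ValueError(f"unexpected C2 endpoint {c2!r}")
    return str(ip), port


def inflation_ratio(member_bytes, archive_bytes):
    return member_bytes / archive_bytes


def looks_padded(member_bytes, archive_bytes, threshold=20.0):
    """Genuine executables compress a few times at most. A member more than
    `threshold` times larger than the whole archive (assumed cut-off) is
    almost entirely repeated filler appended to inflate the file."""
    return inflation_ratio(member_bytes, archive_bytes) > threshold


def to_iocs(report, min_score=7):
    """Collect hashes of targets scoring at least min_score (assumed cut-off),
    the C2 socket, the config attributes and a padding flag per target."""
    archive = report["archive"]["size_bytes"]
    ip, port = parse_c2(report["config"]["c2"])
    out = {"family": report["config"]["family"], "botnet": report["config"]["botnet"],
           "auth_value": report["config"]["auth_value"], "c2": {"ip": ip, "port": port},
           "md5": [], "sha1": [], "sha256": [], "padded": []}
    for t in report["targets"]:
        if looks_padded(t["size_bytes"], archive):
            out["padded"].append(t["name"])
        if t["score"] < min_score:
            continue
        for algo, h in valid_hashes(t).items():
            out[algo].append(h)
    return out


def yara_rule(iocs, name="redline_cryptex_dropped_pe"):
    """Emit a YARA rule matching the high-score targets by SHA-256 through the
    hash module. The padded sample keeps its full size, so the whole file is hashed."""
    if not iocs["sha256"]:
        raise ValueError("no SHA-256 values to match")
    conds = " or\n        ".join(f'hash.sha256(0, filesize) == "{h}"' for h in iocs["sha256"])
    lines = ['import "hash"', "", f"rule {name}", "{", "    meta:",
             f'        family = "{iocs["family"]}"', f'        botnet = "{iocs["botnet"]}"',
             f'        c2 = "{iocs["c2"]["ip"]}:{iocs["c2"]["port"]}"',
             f'        auth_value = "{iocs["auth_value"]}"',
             "    condition:", f"        {conds}", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    iocs = to_iocs(REPORT)
    print(json.dumps(iocs, indent=2))
    print(yara_rule(iocs))
```

Running the module prints the IOC set as JSON followed by the rule. Because the padded sample keeps its 700.5MB size, `hash.sha256(0, filesize)` reads the whole file on every scan; matching the SHA-256 of the RAR as delivered is the cheaper check at the mail gateway, and the dropped-file rule is for endpoint sweeps.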
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
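The two execution signatures above, as an added detection example that is not from the original report or the sandbox vendor. It assumes the signatures correspond to the sample starting the .NET Visual Basic compiler, vbc.exe, as a host process and then rewriting that process's thread context (process hollowing); it runs over constructed Sysmon-style process-creation records and a constructed API trace, not telemetry from this sample. It also covers the general pattern (any vbc.exe launched by a non-build-tool parent or with no compiler arguments), which goes beyond this one sample; the parent allow-list is an assumption.

```python
"""Detect the process pattern behind 'Uses the VBS compiler for execution'
and 'Suspicious use of SetThreadContext'.

Added example, not part of the report. Assumption: the sample starts vbc.exe
as a host process and then rewrites its main thread's context (hollowing).
All events below are constructed, not real telemetry.
"""
import re

# Assumed allow-list of images that legitimately launch the VB.NET compiler.
BUILD_TOOL_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbc.exe"}

# Path of the .NET Framework VB compiler, either bitness, any version.
COMPILER_RE = re.compile(r"\\Microsoft\.NET\\Framework(64)?\\v[\d.]+\\vbc\.exe$", re.IGNORECASE)

# Constructed Sysmon-style process-creation records.
PROC_EVENTS = [
    {"ts": "2022-10-18T10:01:03Z", "pid": 4120, "ppid": 3980,
     "image": r"C:\Users\user\Desktop\MetaLauncher.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'"C:\Users\user\Desktop\MetaLauncher.exe"'},
    # The loader spawns the compiler with a bare command line: nothing to compile.
    {"ts": "2022-10-18T10:01:04Z", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\user\Desktop\MetaLauncher.exe",
     "cmdline": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    # Benign: MSBuild invoking the compiler with a response file.
    {"ts": "2022-10-18T10:15:40Z", "pid": 5204, "ppid": 5100,
     "image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe",
     "cmdline": r'"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe" /noconfig @"C:\Users\dev\AppData\Local\Temp\tmp1234.rsp"'},
]

# Constructed sandbox API trace: calls made by pid 4120 against pid 4188.
API_EVENTS = [
    {"ts": "2022-10-18T10:01:04Z", "pid": 4120, "api": "NtWriteVirtualMemory", "target_pid": 4188},
    {"ts": "2022-10-18T10:01:04Z", "pid": 4120, "api": "SetThreadContext", "target_pid": 4188},
    {"ts": "2022-10-18T10:01:04Z", "pid": 4120, "api": "NtResumeThread", "target_pid": 4188},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def compiler_args(cmdline):
    """Everything after the (possibly quoted) vbc.exe image path. A real
    compilation carries a response file or options; an empty remainder is the tell."""
    m = re.match(r'^\s*"?.*?vbc\.exe"?\s*(.*)$', cmdline, re.IGNORECASE)
    return m.group(1).strip() if m else cmdline.strip()


def classify(event):
    """Return a finding for a suspicious vbc.exe launch, else None."""
    if not COMPILER_RE.search(event["image"]):
        return None
    parent = basename(event["parent_image"])
    reasons = []
    if parent not in BUILD_TOOL_PARENTS:
        reasons.append(f"parent {parent} is not a build tool")
    if not compiler_args(event["cmdline"]):
        reasons.append("vbc.exe started with no compiler arguments")
    if not reasons:
        return None
    return {"ts": event["ts"], "pid": event["pid"], "ppid": event["ppid"],
            "parent": parent, "reasons": reasons}


def scan(events):
    return [f for f in map(classify, events) if f]


def hollowing_candidates(proc_events, api_events):
    """Pair each suspicious vbc.exe launch with a SetThreadContext call its
    parent made against it: a host started bare and then handed a new thread
    context by its creator is the hollowing sequence."""
    flagged = {f["pid"]: f for f in scan(proc_events)}
    out = []
    for a in api_events:
        f = flagged.get(a.get("target_pid"))
        if f and a["api"] == "SetThreadContext" and a["pid"] == f["ppid"]:
            out.append({"injector_pid": a["pid"], "child_pid": f["pid"], "ts": a["ts"]})
    return out


if __name__ == "__main__":
    for finding in scan(PROC_EVENTS):
        print("suspicious vbc.exe:", finding)
    for cand in hollowing_candidates(PROC_EVENTS, API_EVENTS):
        print("hollowing candidate:", cand)
```

The process-creation check alone is enough for an EDR rule: vbc.exe with an empty argument list has no legitimate reason to exist. The API correlation is what a sandbox can add, and it is the same logic the "Suspicious use of SetThreadContext" signature expresses, tied to the specific child the loader created.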