General
-
Target
qqq.exe
-
Size
841KB
-
Sample
221019-bvntvaehfr
-
MD5
79a24a331ec7b5d3b1cf688cc64d995a
-
SHA1
bbd5cf02858f30b4bb329b0a12c4d844656d11f3
-
SHA256
3d568dc9ee07bf5ebe9314d2aea822b1bf4de89110e7c027e151bde134b35ba5
-
SHA512
2e68f0549682f70fa692ba5f69fbcc458da4726cf965f70331318408d1e5307dc08a33ba5798a3d4c521b2cc0c7da36f041a6547bc2c80e09936cb8f4aadb546
-
SSDEEP
24576:AFejHjpj47GLpGLMMMHMMMvMMZMMMKzbKXOMMHMMMvMMZMMMKzbKX7GLMMMHMMM3:AEjDpj4qMMHMMMvMMZMMMFOMMHMMMvMf
Static task
static1
Behavioral task
behavioral1
Sample
qqq.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
qqq.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
Crypt_Cryptex_V1
194.36.177.60:81
-
auth_value
d8f662f9a9589a3ffdce7a16109ab9b7
Targets
-
-
Target
qqq.exe
-
Size
841KB
-
MD5
79a24a331ec7b5d3b1cf688cc64d995a
-
SHA1
bbd5cf02858f30b4bb329b0a12c4d844656d11f3
-
SHA256
3d568dc9ee07bf5ebe9314d2aea822b1bf4de89110e7c027e151bde134b35ba5
-
SHA512
2e68f0549682f70fa692ba5f69fbcc458da4726cf965f70331318408d1e5307dc08a33ba5798a3d4c521b2cc0c7da36f041a6547bc2c80e09936cb8f4aadb546
-
SSDEEP
24576:AFejHjpj47GLpGLMMMHMMMvMMZMMMKzbKXOMMHMMMvMMZMMMKzbKX7GLMMMHMMM3:AEjDpj4qMMHMMMvMMZMMMFOMMHMMMvMf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
YTStealer payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-