General
- Target: 541b60ce9cdcec5f30a81f50287a7309.exe
- Size: 204KB
- Sample: 221116-n6w1taad49
- MD5: 541b60ce9cdcec5f30a81f50287a7309
- SHA1: 21d09660812d10f0db42494610ae0db2e4db35a8
- SHA256: bc19e99b5f12e55d0085cd808827e33ba97e2f0a17f7ba32516afde0f5c3ca47
- SHA512: e74ab8543e29c719fb5b7882092549c48feac73f30c775ba2aecf9f4c8a5544715ec76ed97a338902b16a6eb2d2d306c042bbb52eedbe69f50881f17ea1e1974
- SSDEEP: 3072:6rBY49ntyZeW+wL/fh9y3cdOq6tPlJXhxW0nCIjtpqePvVw7+B+FmT4S/bws/Cxo:6rBY4ywWFLfWzXbu51
Static task: static1
Behavioral task: behavioral1
- Sample: 541b60ce9cdcec5f30a81f50287a7309.exe
- Resource: win7-20221111-en
Malware Config
Extracted: 1
- Family: redline
- C2: 77.91.102.72:31598
- auth_value: 16a2d7f0fda0ec607bf6663d787829ef
Targets
- Target: 541b60ce9cdcec5f30a81f50287a7309.exe
- Size: 204KB
- MD5: 541b60ce9cdcec5f30a81f50287a7309
- SHA1: 21d09660812d10f0db42494610ae0db2e4db35a8
- SHA256: bc19e99b5f12e55d0085cd808827e33ba97e2f0a17f7ba32516afde0f5c3ca47
- SHA512: e74ab8543e29c719fb5b7882092549c48feac73f30c775ba2aecf9f4c8a5544715ec76ed97a338902b16a6eb2d2d306c042bbb52eedbe69f50881f17ea1e1974
- SSDEEP: 3072:6rBY49ntyZeW+wL/fh9y3cdOq6tPlJXhxW0nCIjtpqePvVw7+B+FmT4S/bws/Cxo:6rBY4ywWFLfWzXbu51
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext