General
Target: 872a5dee4be75a8677bf2d905227e43e706e3f87a008de30c16d5cd256730fad
Size: 1.3MB
Sample: 221117-fd23csdf79
MD5: e924f93d838f03edd47759695b5ced49
SHA1: 56fc3cdf00381bcf71fce9e3b7eecf07f53026b3
SHA256: 872a5dee4be75a8677bf2d905227e43e706e3f87a008de30c16d5cd256730fad
SHA512: 685733352962065d13a0cf22233b3c162899eff70947569e18796925182c579e07c608defffa967b9b9e917d1526f91c5ab0c82170bbac37f0f0cbc31b73da18
SSDEEP: 24576:lI9iDSZlHH3nDfaxT2sRhFjWP1kpWbF998XWVZDJ:lIcElXDAT2GhwjsWVBJ
Static task: static1
Behavioral task: behavioral1
Sample: 872a5dee4be75a8677bf2d905227e43e706e3f87a008de30c16d5cd256730fad.exe
Resource: win7-20221111-en

Malware Config
Extracted
Family: redline
Botnet: 333333
C2: 79.137.194.32:5050
auth_value: 0e0de8ec7f9ca54eeaacd4905c5421c1
Targets
Target: 872a5dee4be75a8677bf2d905227e43e706e3f87a008de30c16d5cd256730fad
Size: 1.3MB
MD5: e924f93d838f03edd47759695b5ced49
SHA1: 56fc3cdf00381bcf71fce9e3b7eecf07f53026b3
SHA256: 872a5dee4be75a8677bf2d905227e43e706e3f87a008de30c16d5cd256730fad
SHA512: 685733352962065d13a0cf22233b3c162899eff70947569e18796925182c579e07c608defffa967b9b9e917d1526f91c5ab0c82170bbac37f0f0cbc31b73da18
SSDEEP: 24576:lI9iDSZlHH3nDfaxT2sRhFjWP1kpWbF998XWVZDJ:lIcElXDAT2GhwjsWVBJ

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext