General
-
Target
file.exe
-
Size
155KB
-
Sample
221202-t7pwsaee98
-
MD5
f9e5e8e28ee4775d810ba50b85b8cf65
-
SHA1
9ee3208226dcc1f247861b06bff7e9793f1cc3fe
-
SHA256
8609b2a6570708891a3182848a3bb3ec265b648399307200d61e59574c00efaf
-
SHA512
0e4a749cb560c3438f47d0290fa06a1bf010cddc4553168ba49423f78191126a07badd896685caab559717625b5141c2ddac2e1fab52926dd2c0750d90cc27d8
-
SSDEEP
3072:jSFZQkfSBwkQ+3Pt2kBjzPFXOcmaOtz3d62eonTQ+b:OALJHt5BjzQZtQ2esQ+b
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
Lyla.11.09
185.215.113.216:21921
-
auth_value
a1e5192e588aa983d678ceb4d6e0d8b5
Targets
-
-
Target
file.exe
-
Size
155KB
-
MD5
f9e5e8e28ee4775d810ba50b85b8cf65
-
SHA1
9ee3208226dcc1f247861b06bff7e9793f1cc3fe
-
SHA256
8609b2a6570708891a3182848a3bb3ec265b648399307200d61e59574c00efaf
-
SHA512
0e4a749cb560c3438f47d0290fa06a1bf010cddc4553168ba49423f78191126a07badd896685caab559717625b5141c2ddac2e1fab52926dd2c0750d90cc27d8
-
SSDEEP
3072:jSFZQkfSBwkQ+3Pt2kBjzPFXOcmaOtz3d62eonTQ+b:OALJHt5BjzQZtQ2esQ+b
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-