General
- Target: 089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
- Size: 471KB
- Sample: 221206-1w72jsbb5t
- MD5: 99593bb17ce4e7d021d42f0244c78c7c
- SHA1: 33645c568325d0b6aa057e739c7fe3198dbbee02
- SHA256: 089aec6e06c67b19eb17226592c932c7b83b8d3f8aa2a3339205c1ca8e64a389
- SHA512: 5864ca0b756670d3aff0b8da1a4b07f8b9e9477e8e1f8777d22e0d18fc573a762bc94a3310358ae47b45a3a0a1b538b25e4702598ef4fcecb53580e017353594
- SSDEEP: 12288:aSonNv62ZocpPe+4RBbWUI/RgpSlgUlvCa:vGYN/FMMSlgUx

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
  - Resource: win7-20221111-en
- behavioral2
  - Sample: 089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
  - Resource: win10v2004-20221111-en

Malware Config
Extracted
- Family: redline
- Botnet: Eunewdomain1
- C2: hrabrlonian.xyz:81
- auth_value: c7e61afc90a97addce2ecac4aaac2680

Targets
- Target: 089AEC6E06C67B19EB17226592C932C7B83B8D3F8AA2A.exe
  - Size: 471KB
  - MD5: 99593bb17ce4e7d021d42f0244c78c7c
  - SHA1: 33645c568325d0b6aa057e739c7fe3198dbbee02
  - SHA256: 089aec6e06c67b19eb17226592c932c7b83b8d3f8aa2a3339205c1ca8e64a389
  - SHA512: 5864ca0b756670d3aff0b8da1a4b07f8b9e9477e8e1f8777d22e0d18fc573a762bc94a3310358ae47b45a3a0a1b538b25e4702598ef4fcecb53580e017353594
  - SSDEEP: 12288:aSonNv62ZocpPe+4RBbWUI/RgpSlgUlvCa:vGYN/FMMSlgUx

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext