General
Target: UNIAPT Launcher.exe
Size: 4.1MB
Sample: 221206-xlxw2sgf5z
MD5: b6174655a6f8d89147b7a1f8ca50bea7
SHA1: 532f032933935b8acc856accb2e648e2c9a86b6c
SHA256: 9f20dcac19fb7fe1b341d073280ccd40ecb48b2abe2853c63e6caa0b332ed59a
SHA512: 8797edacac81507a262468cce3f3ef51e8d19efa3b2ead4a91977e0f21bbf9328cb2dc1d944f84ba2a6aada2a456d7c6e4e6d92c1e132773774e2eb811f802a2
SSDEEP: 98304:04G8n8I1ohmFCaRKfmBkR9RZ9BjB3A6k933:03IChHCkXNv3AR9
Static task: static1
Behavioral task: behavioral1 (Sample: UNIAPT Launcher.exe; Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: UNIAPT Launcher.exe; Resource: win10v2004-20220812-en)
Malware Config
Extracted: redline
pure
79.137.199.206:45354
auth_value: 8b46395e5b5a65e5013db82b3dfbcb69
Targets
Target: UNIAPT Launcher.exe
Size: 4.1MB
(MD5, SHA1, SHA256, SHA512 and SSDEEP values are identical to those listed in the General section above.)
Score: 10/10
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext