General
- Target: file.exe
- Size: 702KB
- Sample: 230104-bz9bcagg7t
- MD5: 888476e6905117c8c6bf2809f17e46d4
- SHA1: d8943d00661b5d65f0896d37ed7ce12a6109b392
- SHA256: c7563d952a00dd35e91dc7a259efcd6d7dd4079624ce38300c714a3f91de8f3e
- SHA512: 8fa132c0cf3731f0047c018d29d8614970fad4d33384e65dc485d4f235e418ee57eee3de90ce5a18dd25b661ee1d4349932ba8d9cdcbe8bc9c3b157c9c39cd03
- SSDEEP: 12288:r7eDTOhSwsN/nkEONJFxYu39feTUdjgMjZpiwBab2fObS5bDm:ryDCyQzxY+IoNgMjZ8wBNGS5m
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: file.exe
- Resource: win10v2004-20221111-en
Malware Config
Extracted: redline
- HEXO-SOFTWARE
- amrican-sport-live-stream.cc:4581
- auth_value: fea440ffae02b6f56d7b00fe8105ccb8
Targets
- Target: file.exe
- Size: 702KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext