General
Target: MoonWallet.zip
Size: 1.7MB
Sample: 230117-j4eljagg2s
MD5: 3e50abece6c9e1753ee494bb0b5eb7a9
SHA1: a7eb4180a094e009ef3f4bd39ceeb1c9e022c1b5
SHA256: 214733885f8bd3b7eaeba00d34defa2a7eec63bbe0e8efb4caf9d25821cb0da6
SHA512: 0c3ce12c0c61da4875dc7c7aebd6c3b9f24bec1f010800f0a6834d8bd97a44bf046befd9e8c9f2434e0194131e60cfc79dca947c3e287e9935cf2d06bb00a868
SSDEEP: 49152:iYm878BFiPHSHPIsH4KCpoWduO6ee55uo6i2Wy:hl+FXP2/neD6oy

Static task: static1
Behavioral task: behavioral1
Sample: MicrosoftRuntimeComponentsX86.exe
Resource: win7-20220812-en

Malware Config
Extracted: redline
4
95.217.102.105:1695
auth_value: e17158d5fc1b8a0e6865d1b4aed75b6a

Targets
Target: MicrosoftRuntimeComponentsX86.exe
Size: 853.5MB
MD5: 3fc8c48701df1828c47376ee5df96bd5
SHA1: 0cf749ecd1750fa50975d7ebc9fecb16d5480337
SHA256: 735dcf6c201cc373d21f08a4ea4b5d700f25d2a230e4d1fdb1d6514866df61cb
SHA512: e3e5e88d50e5d63448f4dcc5501ec6a907c1f77b2482c35a0fe0d416092b5b83cb03b5879d8291db37af8b76d5d72ec0544952dc36f885e00d907903a5dcfd96
SSDEEP: 24576:6FJ4cp8auK1VOS4JfFm7DTzPCOeuThaPD1:6FJ3pxucOS4bm3HmuT0PD1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext