General
- Target: 0583d5be3f90408e4009070a24534fa160fcb54ad21e26d9ea6def5079ebee34
- Size: 1.4MB
- Sample: 230124-3sea6sfh3t
- MD5: ef272f4ac591eff7b7677cf82464eb01
- SHA1: 47642305977ab71a7dd2c483144903b51929ba13
- SHA256: 0583d5be3f90408e4009070a24534fa160fcb54ad21e26d9ea6def5079ebee34
- SHA512: ba53450993f02a85b69d78cfc7e4f28ed31272b71aaac26b89afbff26086f4e75c202e9dc202ad37cd17de955690a1d02bb8967fa4b57dd72a157d7d088c7794
- SSDEEP: 24576:k2eBlhNS1YtgjmwRlbAJDXzoiuct9sjT57y53SadwHM+WIULJBs+1+yPOfkaolWi:JeBlvS1mroiuUy57uiHHM+WIULfz17OH
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 0583d5be3f90408e4009070a24534fa160fcb54ad21e26d9ea6def5079ebee34.exe
  - Resource: win10-20220812-en
Malware Config
Extracted
- Family: redline
- Botnet: HEXO-SOFTWARE
- C2: amrican-sport-live-stream.cc:4581
- auth_value: fea440ffae02b6f56d7b00fe8105ccb8
Targets
- Target: 0583d5be3f90408e4009070a24534fa160fcb54ad21e26d9ea6def5079ebee34
- Size: 1.4MB
- MD5: ef272f4ac591eff7b7677cf82464eb01
- SHA1: 47642305977ab71a7dd2c483144903b51929ba13
- SHA256: 0583d5be3f90408e4009070a24534fa160fcb54ad21e26d9ea6def5079ebee34
- SHA512: ba53450993f02a85b69d78cfc7e4f28ed31272b71aaac26b89afbff26086f4e75c202e9dc202ad37cd17de955690a1d02bb8967fa4b57dd72a157d7d088c7794
- SSDEEP: 24576:k2eBlhNS1YtgjmwRlbAJDXzoiuct9sjT57y53SadwHM+WIULJBs+1+yPOfkaolWi:JeBlvS1mroiuUy57uiHHM+WIULfz17OH

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext