General
- Target: file
- Size: 206KB
- Sample: 230307-pxkrvshd6x
- MD5: 307ce80121e9db63857ffbcc6e6f413e
- SHA1: 9721de97ac9d1ff4b6224fff96700acdc2a51984
- SHA256: 70b1cf50a59c123dacf50e8f9356e0b65c850e05aa2511bb8d5556b87ce12f8e
- SHA512: fc3ec1a3c8acf148051d74bec02caf5ffdd7428d271ce7f56eed8a2b78ef7014c69300d1c704861370b255e361b35daade8fb3da0dcd914d462311e5ce171961
- SSDEEP: 6144:PYa6O699YTGIehAlmP4+LOmt4qTGu9E2kw3mP:PYA6OpeK+LO2TT/91k/P

Static task: static1

Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en

Malware Config
Extracted:
- redline
- cheat
- 193.47.61.37:38369
Targets
- Target: file
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext