General
Target: tmp
Size: 1.6MB
Sample: 230324-f86n2aee7v
MD5: e5f500ae2fdb4ab9f6be5475964ec5c7
SHA1: a9227afc32e5ce7722c8927f4c3f8c7b26da9923
SHA256: bc3806f66884b0cca0e04cd6ec09f391f5ea3855e3ce6bd621e04706ece5e6ed
SHA512: 768916e73c77bed2394e428621ae39521f8ebcff2a4b367f9ae1510165aacb1f29a04953845a8026f3f5ee10123cadbf929e3b2ed0117f6f3b8c9d13e681c366
SSDEEP: 49152:OhWTfPjDurtiIIMmk7Shxtj+EXQW054yobLhT:rDXInmGShDJXQW054yqhT
Static task: static1
Behavioral task: behavioral1
  Sample: tmp.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: tmp.exe
  Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
  Botnet: mix1
  C2: 80.85.157.78:13331
  auth_value: 4f9b36b8bfdf2607d3f0e623584037e2
Extracted: vidar
  Version: 3.1
  Profile: ba1fc89d9f7df84dadf34886aabb246c
  URLs:
    https://t.me/owned001
    http://65.109.236.2:80
    https://t.me/tabootalks
    https://steamcommunity.com/profiles/76561199472266392
    http://135.181.26.183:80
  profile_id_v2: ba1fc89d9f7df84dadf34886aabb246c
  user_agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 OPR/91.0.4516.79
Targets
Target: tmp
Size: 1.6MB
MD5: e5f500ae2fdb4ab9f6be5475964ec5c7
SHA1: a9227afc32e5ce7722c8927f4c3f8c7b26da9923
SHA256: bc3806f66884b0cca0e04cd6ec09f391f5ea3855e3ce6bd621e04706ece5e6ed
SHA512: 768916e73c77bed2394e428621ae39521f8ebcff2a4b367f9ae1510165aacb1f29a04953845a8026f3f5ee10123cadbf929e3b2ed0117f6f3b8c9d13e681c366
SSDEEP: 49152:OhWTfPjDurtiIIMmk7Shxtj+EXQW054yobLhT:rDXInmGShDJXQW054yqhT

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext