General
-
Target
Orderconfirmation#27682.exe
-
Size
365KB
-
Sample
230324-gj57msef4w
-
MD5
0d9e38ba72b9994260768357559328a3
-
SHA1
180ee5d2b2d8c6f5e993f77a1d9e1df9bd437bbd
-
SHA256
24c78f9f8f15c94f2616a13adce3fda09255d3e1a4b762ef21b561318c082d65
-
SHA512
9aec08e46fd7676794bcb4a39d216157569cf47d585eb53fcd4ce7dbb35deac158b6e64af2708345626f014b6cb36a8045438afedc75a2d60d6c59cee4989507
-
SSDEEP
6144:2JAk9dNbuyG+VkT2Elng0ydlBDK9rPn9mYwYqYYw9/KSKTBdyjgpCrVaIYPX:Z49NsT2Eln1yZ29rP9mrdywm
Static task
static1
Behavioral task
behavioral1
Sample
Orderconfirmation#27682.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
cheat
adm1234.duckdns.org:20603
Targets
-
-
Target
Orderconfirmation#27682.exe
-
Size
365KB
-
MD5
0d9e38ba72b9994260768357559328a3
-
SHA1
180ee5d2b2d8c6f5e993f77a1d9e1df9bd437bbd
-
SHA256
24c78f9f8f15c94f2616a13adce3fda09255d3e1a4b762ef21b561318c082d65
-
SHA512
9aec08e46fd7676794bcb4a39d216157569cf47d585eb53fcd4ce7dbb35deac158b6e64af2708345626f014b6cb36a8045438afedc75a2d60d6c59cee4989507
-
SSDEEP
6144:2JAk9dNbuyG+VkT2Elng0ydlBDK9rPn9mYwYqYYw9/KSKTBdyjgpCrVaIYPX:Z49NsT2Eln1yZ29rP9mrdywm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-