General
-
Target
rrrr.exe
-
Size
258KB
-
Sample
230406-y2w55agh81
-
MD5
5010f50fdbbebde8c86d9944dd9545a5
-
SHA1
5f208fa5a783bef7f281b877af3f5a1a844d461d
-
SHA256
2cbbd2ddcf06673ed1ad758b71f2df75a21543ea149f15a73773ae90c6f5bce5
-
SHA512
e5294d0b026b562b06b62f0a32fcd2854830ea97438ae6a825a2d6de7f49fdfd70d6ffbb25bf6e75f78dd7b04f787022e3c084b51747eac7125c928f974e52ad
-
SSDEEP
6144:/Ya6I/wvDFP59p/mHNLeK5Vm9xbqVMpf4nRzk9zgq6yMOuzBjsPOMccFQB:/YWILl59pOHIt/2MpgRzk9SyMryOH
Static task
static1
Behavioral task
behavioral1
Sample
rrrr.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
cheat
david1234.duckdns.org:38369
Targets
-
-
Target
rrrr.exe
-
Size
258KB
-
MD5
5010f50fdbbebde8c86d9944dd9545a5
-
SHA1
5f208fa5a783bef7f281b877af3f5a1a844d461d
-
SHA256
2cbbd2ddcf06673ed1ad758b71f2df75a21543ea149f15a73773ae90c6f5bce5
-
SHA512
e5294d0b026b562b06b62f0a32fcd2854830ea97438ae6a825a2d6de7f49fdfd70d6ffbb25bf6e75f78dd7b04f787022e3c084b51747eac7125c928f974e52ad
-
SSDEEP
6144:/Ya6I/wvDFP59p/mHNLeK5Vm9xbqVMpf4nRzk9zgq6yMOuzBjsPOMccFQB:/YWILl59pOHIt/2MpgRzk9SyMryOH
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-