General
Target: 06076499.exe
Size: 602KB
Sample: 230621-qs8hssba41
MD5: 3f8f5177e8907b126f2575b67aea9db1
SHA1: 30ac43a9c6dd799441519db56a14bf1a0e2b5bab
SHA256: 712bd451f71fe3a5a3ad3b2d0965b0dd872c5348f8338af96c222add990a5326
SHA512: 1537bb2ad49921ee5ef54ca940485d1ae9a4ec7308c77f938a47ce7451ce2e8e0638bf73511c092acfb0b1277a2c91ff202278b582d2b5319fa647b7e988f398
SSDEEP: 6144:yJA+PQrKTvHaAGrWg8zg3JW+1LTgMDCkTQTplln9AwDKFp2XhIxwHl7czJ2nybTx:yC+Qr/AEWzzg5FkeCk0lN6pIjHayO
Static task: static1
Behavioral task: behavioral1
  Sample: 06076499.exe
  Resource: win7-20230621-en
Behavioral task: behavioral2
  Sample: 06076499.exe
  Resource: win10v2004-20230621-en
Malware Config
Extracted
Family: redline
Botnet: top
C2: 83.97.73.124:53
auth_value: 053e5ccc53982413753b68419138b23a
Targets
Target: 06076499.exe (602KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext