General

Target: CoD_fthLXV.zip
Size: 6.3MB
Sample: 230712-ktsk3scf26
MD5: eb7b760e23c641061acb0b3ea0f1dcd5
SHA1: bddf7f6caa99ba01dab0ac47193f10d142ada4f5
SHA256: 748a3af13a44146f2e9337e937a463e3d1a04d94b6d8578217d73e34a0a65fef
SHA512: e1deed95b919bcfd2cbf966de7676f78f5f4a3eebca81667a6d1520c59d766e0f9f38884044b62817e379b5f7873c82ee197564f31c3fa6069c24061154b722f
SSDEEP: 196608:7mvqH31LDItAEs4VoeHE7+WBt/dCGWmAwAG9rX2Nv9:7bX1LQAE7VjE7+u/VOXF
Static task: static1
Malware Config

Extracted

Family: redline
Botnet: 2
C2: 65.21.118.109:42825
auth_value: 94b6263d6b4ea59b523674dfddf3486c
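The most direct use of the extracted C2 is retrospective hunting in connection logs. The script below is an added example, not part of the sandbox report: it parses whitespace-separated connection records (a subset of the Zeek conn.log fields) and returns the ones whose responder matches the C2 address and port from the config. The log lines are constructed for the demo; only the indicator itself comes from the page.

```python
"""Match the C2 from the extracted RedLine config against connection records.
Added example; the sample log lines below are constructed, not from the report."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Indicator taken from the extracted config on this page: (ip, port).
# A port of None matches any port, since RedLine C2 ports differ between builds.
REDLINE_C2: List[Tuple[str, Optional[int]]] = [("65.21.118.109", 42825)]


@dataclass
class ConnRecord:
    ts: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_line(line: str) -> Optional[ConnRecord]:
    """Parse one record laid out as: ts orig_h orig_p resp_h resp_p proto.
    Comments, the #fields header and malformed lines yield None instead of an exception,
    so one bad line cannot abort a sweep over a large log."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    if len(parts) < 6:
        return None
    try:
        return ConnRecord(
            ts=parts[0],
            orig_h=str(ipaddress.ip_address(parts[1])),
            orig_p=int(parts[2]),
            resp_h=str(ipaddress.ip_address(parts[3])),
            resp_p=int(parts[4]),
            proto=parts[5],
        )
    except ValueError:
        return None


def match_c2(lines, indicators=REDLINE_C2) -> List[ConnRecord]:
    """Return every record whose responder IP (and port, when given) matches an indicator."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None:
            continue
        for ip, port in indicators:
            if rec.resp_h == ip and (port is None or rec.resp_p == port):
                hits.append(rec)
                break
    return hits


# Constructed sample records; the second one is benign background traffic and the
# third goes to the C2 host on a different port, to show the effect of the port filter.
SAMPLE_LOG = """\
#fields ts id.orig_h id.orig_p id.resp_h id.resp_p proto
1689159712.101 10.0.0.23 51322 65.21.118.109 42825 tcp
1689159713.544 10.0.0.23 51323 142.250.74.46 443 tcp
1689159714.009 10.0.0.41 60011 65.21.118.109 443 tcp
garbage line
""".splitlines()

if __name__ == "__main__":
    for hit in match_c2(SAMPLE_LOG):
        print(f"{hit.ts} {hit.orig_h}:{hit.orig_p} -> {hit.resp_h}:{hit.resp_p} ({hit.proto})")
```

Matching on the exact port keeps the hit list tight for this build; passing `("65.21.118.109", None)` widens the sweep to any port on the host, which is the better choice when hunting for other RedLine builds that share the same server.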
Targets

Target: CoD_fthLXV/CoD_fthLXV.exe
Size: 655.3MB
MD5: 9d52562e1bcbc1556d6e33edbdd70e9e
SHA1: a7a165ab9a7a4587f2addd91c095cb9c149b60dc
SHA256: 5f714c09e4cbb1deab68b4320264a4b6a1761d642e22363322cece672e525514
SHA512: 9e0f96015873bf037129c4edbd13b3bc08b3fc0e635e08d0f7a1a2f4fd631f93562f5bf3762efe2e1f68a85bbfb957188cdcb422d1192b9183c111ed521c7c8e
SSDEEP: 196608:ycBGJyabcS/gV5XEE0vQgH47YEZXvVcCywKCWUZrz/w:ydJPbV/gfXEhvv47YCvzin
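The archive is 6.3MB while the executable inside it is 655.3MB, a ratio of roughly 1:100. That is consistent with a payload padded with null bytes to push the file past the upload limits of scanners and sandboxes; this is an inference from the two sizes, the report itself does not state it. The script below is an added example, not part of the report: it measures the trailing run of null bytes in a file without loading the whole file into memory, reports the padding ratio, and hashes only the unpadded prefix so that padded variants of the same build can be correlated. The demo input is constructed.

```python
"""Measure trailing null-byte padding in an oversized sample and hash the unpadded payload.
Added example; the demo input at the bottom is constructed, not the sample from the report."""
import hashlib
import io

CHUNK = 1 << 20  # read in 1 MiB pieces so a 600 MB sample is never loaded whole


def trailing_null_run(fh) -> int:
    """Count the 0x00 bytes at the end of a seekable binary stream, scanning backwards."""
    fh.seek(0, io.SEEK_END)
    pos = fh.tell()
    run = 0
    while pos > 0:
        step = min(CHUNK, pos)
        pos -= step
        fh.seek(pos)
        block = fh.read(step)
        stripped = block.rstrip(b"\x00")
        run += len(block) - len(stripped)
        if stripped:  # first non-zero byte found, the run ends inside this block
            break
    return run


def sha256_prefix(fh, length: int) -> str:
    """SHA-256 of the first `length` bytes of the stream."""
    fh.seek(0)
    digest = hashlib.sha256()
    remaining = length
    while remaining > 0:
        block = fh.read(min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()


def analyse(fh, threshold: float = 0.5) -> dict:
    """Padding statistics plus the hash of the payload up to its last non-zero byte.
    A legitimate PE may itself end in a few zero bytes of section alignment, so the
    payload hash is a correlation key for padded variants, not a replacement for the
    file's own SHA-256 as listed in the report."""
    fh.seek(0, io.SEEK_END)
    size = fh.tell()
    pad = trailing_null_run(fh)
    payload_len = size - pad
    ratio = pad / size if size else 0.0
    return {
        "size": size,
        "trailing_nulls": pad,
        "padding_ratio": ratio,
        "payload_len": payload_len,
        "payload_sha256": sha256_prefix(fh, payload_len),
        "padded": size > 0 and ratio >= threshold,
    }


def analyse_bytes(data: bytes, threshold: float = 0.5) -> dict:
    return analyse(io.BytesIO(data), threshold)


def analyse_file(path: str, threshold: float = 0.5) -> dict:
    with open(path, "rb") as fh:
        return analyse(fh, threshold)


# Constructed demo: a small fake payload followed by 4 MiB of null padding.
DEMO_PAYLOAD = b"MZ" + bytes(range(256)) * 4
DEMO_SAMPLE = DEMO_PAYLOAD + b"\x00" * (4 << 20)

if __name__ == "__main__":
    report = analyse_bytes(DEMO_SAMPLE)
    print(f"size={report['size']} trailing_nulls={report['trailing_nulls']} "
          f"ratio={report['padding_ratio']:.3f} padded={report['padded']}")
    print("payload sha256:", report["payload_sha256"])
```

Run `analyse_file` on the extracted executable to get its real padding ratio; a result near 0.99 confirms the inference above, and the `payload_sha256` can then be compared across other samples that share the same packed core under different padding lengths.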
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall under HKLM and HKCU, including the WOW6432Node view) to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger
Calls NtSetInformationThread with the ThreadHideFromDebugger information class, which stops the calling thread from delivering debug events to an attached debugger; a common anti-debugging technique.