General

  • Target

    570efc68da46e50e3eea236631563a18.exe

  • Size

    6.5MB

  • Sample

    230825-j8zr9sbg9t

  • MD5

    570efc68da46e50e3eea236631563a18

  • SHA1

    a3005e8c78bbff5b78c2a50d5076115119d2a526

  • SHA256

    97d5f77f0a710652228f3275c412593cf378cd631ab0cf32e922a1dce1dd9c7f

  • SHA512

    e0522026b5872db2ab2ca32d741d42b0783edf0c64b1a02b73fc566eb0fc99d323ce42ce79f6ca811e4428383bfc1db596bb5406d2a2456e7d6a76a8e0c3c3b0

  • SSDEEP

    196608:RMrnBhp03r6MN7bIv/ir/xPvhRS23TTdYeDtmC7uO/:RMrb+7FhIv/i9HjS2DTlDwCCO

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks