General
Target: B A T pass135.rar
Size: 6.3MB
Sample: 230913-brcmeabd87
MD5: 86fcc3bdee91f37139e5ce209453435c
SHA1: 8ab9fdbdcd01ac24ff25b16ae2d7871f87299cc8
SHA256: 05ad540d6d9375bb3fe7a784ee3eccc5f24f350c968c057422ce5a8a6399ebda
SHA512: 7a31527bec5d3e9caf6ab0e15136422771d4280d853e2ce42a26d3f685b63ae8033a838ee158ce3d3e83587f63e7c4f6f1a04996a3fe3bbe36090dad0919f87d
SSDEEP: 196608:VCPFwMRtp6mKM4qNAuFTAqeMvjWgcbFMKqxVlg1AB:VC9wkkmVbAWvjObWxbg+
Static task: static1
Behavioral task: behavioral1
Sample: B A T/B A T.exe
Resource: win7-20230831-en
Malware Config
Extracted
redline
4
95.217.102.56:34889
auth_value: 9df53bb7f6419105594518c07e5aa1cb
Targets
Target: B A T/B A T.exe
Size: 655.4MB
MD5: a91732f562a017b37e84f3419e735955
SHA1: 81d134d81f6c290ee7ba32d3222003efa4db6d1d
SHA256: 2b65bb4e4d8f3a51b1f549b7b46b05fdf378fb861d3f9e6eded2c4a6bde42ec7
SHA512: 741309f1e007f0b9406c48a7acd3fef4eb89515de89b9d71014a14af8809e09f92bff33acdf7850e1aba36aa12c76dd48c33ade96deb85480514dfcb59071993
SSDEEP: 98304:CT24t+4LP7eHDKtmbwOHE3PfIxGFNN8fDHFjoWn5dX/Li4K2fHmu0Os1/pPAR:CTPl+HpVUbNN8fDHdxLvffG1pAR
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger