General
Target: NEAS.NEASNEAS81c8e32e41112edd57ece8eed85bba6fec5b3750a6b264504930798e623d1917exeexeexe_JC.exe
Size: 5.6MB
Sample: 231013-vs8wsaed22
MD5: 81de0b0491c0a7af0539cbfddd5248bc
SHA1: 724f5e4ab06069d0e0b8117c1b802bd028a9d97e
SHA256: 81c8e32e41112edd57ece8eed85bba6fec5b3750a6b264504930798e623d1917
SHA512: 381ffee29e05b5c78cf85ff5892373d2170e39aa70c2dc100980531c2cb98e0d5ce03918e69a33aeab4933f01f1fb6be0ff8d283720e3cae68a2e990d8442716
SSDEEP: 98304:f1repUJlaEhSme+bpMt4PUMFfyQJsAHnsByU/On+KfoYY6gwzYpeafFSirJl76:VJlPdHWttMFqQzHsBh/On//gwZaNlrDO

Static task: static1
Behavioral task: behavioral1
Sample: NEAS.NEASNEAS81c8e32e41112edd57ece8eed85bba6fec5b3750a6b264504930798e623d1917exeexeexe_JC.exe
Resource: win7-20230831-en

Malware Config
Extracted: redline
3
135.181.49.47:27356
Targets
Target: NEAS.NEASNEAS81c8e32e41112edd57ece8eed85bba6fec5b3750a6b264504930798e623d1917exeexeexe_JC.exe (size and hashes as listed under General above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger