General

Target: 858e68680bd069abc15038f92335361700eaf36ac9aa61ff8c54f555eb83939f
Size: 3.9MB
Sample: 231118-bpna5agd79
MD5: cac3d966342e978c8604f5dbd3e4352a
SHA1: 617e28d9c047dc4bd970bbb1915cc159abc8473e
SHA256: 858e68680bd069abc15038f92335361700eaf36ac9aa61ff8c54f555eb83939f
SHA512: d7eea99be0e9602e7dffb642ce9d3c7f1fbb04bf8fc9cd763cd5c829f41d743e3613b3ecd0e24244787b8d79391e6f6f397d33a41a5bab878a886bde47514eae
SSDEEP: 98304:YCHL70XKljH3xzwmGss0VV0B7cOeE8li5o5i:LHL70XsjH3xUmq0VViIPE8l
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 858e68680bd069abc15038f92335361700eaf36ac9aa61ff8c54f555eb83939f.exe
  Resource: win10v2004-20231023-en
Malware Config

Extracted
Family: redline
Botnet: 13
C2: 77.91.68.235:9486
Targets

Target: 858e68680bd069abc15038f92335361700eaf36ac9aa61ff8c54f555eb83939f (size, MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence through a registry Run key)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (an API commonly used to redirect execution in another thread during process injection; the report records the call, not the technique)
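The file hashes in the General section and the extracted C2 are the indicators a responder would actually sweep with. The script below, an added example that is not part of the sandbox report, hashes files with the four algorithms the report lists, compares them with the report's values, and flags connections to the C2 in a constructed set of connection-log lines (the "src -> dst" log layout is assumed for illustration; an exact ip:port match is reported as high confidence, the same IP on another port as medium).

```python
"""Sweep for the indicators in this RedLine report: file hashes and the C2.
Added example; hashes and C2 are copied from the report, log lines are constructed."""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "cac3d966342e978c8604f5dbd3e4352a",
    "sha1": "617e28d9c047dc4bd970bbb1915cc159abc8473e",
    "sha256": "858e68680bd069abc15038f92335361700eaf36ac9aa61ff8c54f555eb83939f",
    "sha512": "d7eea99be0e9602e7dffb642ce9d3c7f1fbb04bf8fc9cd763cd5c829f41d743e"
              "3613b3ecd0e24244787b8d79391e6f6f397d33a41a5bab878a886bde47514eae",
}
C2_IP, C2_PORT = "77.91.68.235", 9486

# Constructed sample of connection-log lines (not from the report); the
# "src -> dst" layout is an assumption made for this example.
SAMPLE_LOG = [
    "2023-11-18T10:12:03Z 10.0.0.5:51234 -> 77.91.68.235:9486 TCP SYN",
    "2023-11-18T10:12:05Z 10.0.0.5:51235 -> 142.250.74.46:443 TCP SYN",
    "2023-11-18T10:13:11Z 10.0.0.7:49822 -> 77.91.68.235:80 TCP SYN",
    "2023-11-18T10:14:00Z 10.0.0.9:49901 -> 77.91.68.23:9486 TCP SYN",
]
CONN_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+->\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)"
)


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Hash a file incrementally so a 3.9MB (or far larger) binary is not read at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the report's value.
    Comparison is case-insensitive because tools disagree on hex case."""
    return [name for name, value in REPORT_HASHES.items()
            if digests.get(name, "").lower() == value]


def scan_connections(lines) -> list:
    """Flag connections to the extracted C2. The destination IP is compared as a
    whole string, so 77.91.68.23 does not match 77.91.68.235 by prefix."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = CONN_RE.search(line)
        if not m or m.group(3) != C2_IP:
            continue
        dst_port = int(m.group(4))
        hits.append({
            "line": n,
            "src": f"{m.group(1)}:{m.group(2)}",
            "dst": f"{m.group(3)}:{dst_port}",
            "confidence": "high" if dst_port == C2_PORT else "medium",
        })
    return hits


def scan_directory(root) -> list:
    """(path, matching algorithms) for every file under root whose hash matches."""
    found = []
    for p in Path(root).rglob("*"):
        if p.is_file():
            matched = match_hashes(hash_file(p))
            if matched:
                found.append((str(p), matched))
    return found


if __name__ == "__main__":
    import sys
    for hit in scan_connections(SAMPLE_LOG):
        print("C2 contact:", hit)
    for path, algos in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("hash match:", path, algos)
```

Run it with a directory as the first argument to sweep that tree; matching on all four digests at once is deliberate, since a partial match (for example MD5 only) on a file that differs in SHA256 is worth a second look rather than an automatic verdict.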