General
- Target: 2CDE23B16BD96A257BB37E37DF2C48D6.exe
- Size: 655KB
- Sample: 231214-xr23ysfhgl
- MD5: 2cde23b16bd96a257bb37e37df2c48d6
- SHA1: 1abb9a627d97d8dce69e3cb1f839a190de909887
- SHA256: 7d7aa96711d95594ef9c4d53d4698ec8d845c501e4a18ccd09fdc1dca58a4235
- SHA512: 28440d2947d5dc4aa3981dca38e9baf5acb24d6b8792d69ce3424779ed5ec0837d0cc809b13b312f92357a7b2cb0c2a388737cbb8935cb15ceeb37d3b40bcd32
- SSDEEP: 12288:Rb27ADkIB4y8HJYqj+BZjHkTy7E75dJHMvJHHqn9GW2Ju:Rb27YZcj3DldJHMvlqn9GV
Static task: static1
Behavioral task: behavioral1
- Sample: 2CDE23B16BD96A257BB37E37DF2C48D6.exe
- Resource: win7-20231129-en
Malware Config
Extracted: redline
- 5
- janaremrau.com:80
Targets
- Target: 2CDE23B16BD96A257BB37E37DF2C48D6.exe
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext