General
Target: 6f931cb7abe25efabadf2dbed01920d8c559f362149c422af5228745ab413f65
Size: 448KB
Sample: 231230-mrp4aabebq
MD5: c22c31718d4cbb0365695f68edb57ada
SHA1: 8dbf94484835c0b0112208704a513ba95e096f3b
SHA256: 6f931cb7abe25efabadf2dbed01920d8c559f362149c422af5228745ab413f65
SHA512: 51fd5c1784d1152736cb6ac3337fc7a6241ac4e502dea3770f05f89a6e558536e48c3c522c70f9a096ba6e21eb113054db413240d0b55381708c3517b42e2ce6
SSDEEP: 6144:F1NMnDetY9tuM+cZ6/eFCdax1Y888KMgiiKIEAjIwYqcPr4ESDUF5:jNMn4M+HGeX8Uz1HzEsU
Behavioral task: behavioral1
Sample: 6f931cb7abe25efabadf2dbed01920d8c559f362149c422af5228745ab413f65.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 6f931cb7abe25efabadf2dbed01920d8c559f362149c422af5228745ab413f65.exe
Resource: win10v2004-20231215-en
Malware Config (extracted)
Family: redline
Botnet: @cham1ng
C2: 45.15.156.167:80
Targets
Target: 6f931cb7abe25efabadf2dbed01920d8c559f362149c422af5228745ab413f65 (same sample as under General; size and hashes listed there)
- Detect ZGRat V1
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext