General

Target: 89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2
Size: 611KB
Sample: 240101-fl1jhacaak
MD5: 913cb7ba044839c97182b2a97aa9f500
SHA1: 869e13154a62ac1d068a902b515e3a07e40e2a25
SHA256: 89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2
SHA512: 25ae0627a2a274e796b1c08ea6280acafd6e774e3d304ecd22e5329e9099b7f8f1b40176231ea02b9a25f22ee1b9cec2b584ceea9132dd83f4c85891a5f63f2c
SSDEEP: 12288:sWo6Lw2KOSGztNPO426Lf4CJoiauszgwujsusTlU:sWLw25SCNPOCKwszgd4t
Static task: static1

Behavioral task: behavioral1
Sample: 89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2.exe
Resource: win10-20231220-en
Malware Config

Extracted family: redline
Botnet: LiveTraffic
C2: 20.79.30.95:13856
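The hashes in the General section and the extracted C2 endpoint above are the two things a responder actually sweeps an estate for. The following Python is an added example (it is not part of the Triage report and not RedLine's or Triage's code): it matches file bytes against the report's exact hashes and scans connection log rows for the C2 pair. The log format is a constructed subset of Zeek's conn.log columns, the sample rows are constructed (not real traffic), and the function names are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import ipaddress
from dataclasses import dataclass
from typing import Iterable, Optional

# IOCs copied from the report above. Only exact hashes are used here; the
# SSDEEP value is a fuzzy hash and needs ssdeep.compare() from the ssdeep
# library, so it is deliberately left out of this stdlib-only sweep.
REPORT_HASHES = {
    "md5": "913cb7ba044839c97182b2a97aa9f500",
    "sha1": "869e13154a62ac1d068a902b515e3a07e40e2a25",
    "sha256": "89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2",
}
# Extracted RedLine C2 endpoint from the Malware Config section.
REPORT_C2 = [("20.79.30.95", 13856)]


def digest_all(data: bytes) -> dict[str, str]:
    """Compute the three exact hashes the report lists for a blob of bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_file(data: bytes, iocs: dict[str, str] = REPORT_HASHES) -> list[str]:
    """Return the algorithms whose digest of `data` equals the IOC value.
    Act on a SHA-256 hit; an MD5 or SHA-1 hit alone is weak evidence because
    collisions are cheap for both."""
    digests = digest_all(data)
    return [alg for alg, want in iocs.items() if digests.get(alg) == want.lower()]


@dataclass(frozen=True)
class Conn:
    ts: str
    orig_h: str
    orig_p: int
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_line(line: str) -> Optional[Conn]:
    """Parse one tab-separated Zeek-style conn.log row using the column subset
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto (an assumption
    of this example). Header/comment lines and malformed rows return None."""
    if line.startswith("#") or not line.strip():
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) < 7:
        return None
    try:
        ipaddress.ip_address(parts[2])
        ipaddress.ip_address(parts[4])
        return Conn(parts[0], parts[2], int(parts[3]), parts[4], int(parts[5]), parts[6])
    except ValueError:
        return None


def find_c2_connections(lines: Iterable[str], c2=REPORT_C2) -> list[Conn]:
    """Match on the (ip, port) pair rather than the bare IP: the config names a
    specific port, and the host may carry unrelated traffic on other ports."""
    wanted = set(c2)
    hits: list[Conn] = []
    for line in lines:
        conn = parse_conn_line(line)
        if conn and (conn.resp_h, conn.resp_p) in wanted:
            hits.append(conn)
    return hits


# Constructed sample rows (not real traffic). Row 3 reaches the C2 IP on a
# different port, so only row 1 is a hit.
SAMPLE_CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1704067201.001\tCabc1\t10.0.0.15\t49712\t20.79.30.95\t13856\ttcp
1704067202.120\tCabc2\t10.0.0.15\t49713\t203.0.113.10\t443\ttcp
1704067203.480\tCabc3\t10.0.0.22\t49800\t20.79.30.95\t443\ttcp
""".splitlines()


if __name__ == "__main__":
    for c in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"RedLine C2 hit: {c.orig_h}:{c.orig_p} -> {c.resp_h}:{c.resp_p} at {c.ts}")
    print("sample bytes match report:", match_file(b"not the sample"))
```

Feed `match_file` the bytes of any suspect file and `find_c2_connections` the rows of a real conn.log; for near-variant detection add the fuzzy SSDEEP comparison, since RedLine builds are repacked often enough that exact hashes alone miss siblings of this sample.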
Targets

Target: 89446ad8bfdc1d240bbd362f755a784300f8ab0182f2530939e32807105c90e2 (611KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall subkeys and their WOW6432Node and HKCU equivalents) to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's register context is the core step of RunPE-style process hollowing, in which a payload is written into a suspended child process and its entry point redirected. When triaging, check whether the sample created a suspended process and whether the image injected into it is the RedLine payload flagged above.