General

Target: 6548f741cb41a51f5e5373586ce6b940.exe
Size: 271KB
Sample: 240114-jktaksfdf5
MD5: 6548f741cb41a51f5e5373586ce6b940
SHA1: 291bad1c0d06c5af48005dc4eca7f76d5312845b
SHA256: f958ce56b688316c3905d3de8770ad2f4e983b9b4824281cd285fecac12051f1
SHA512: cd98f0379ed410890c2b2f279384c49ba7cdb82d11b5f6ed100b33c7755149893bcc2256ea2b842fbe1ad585a4e31cd752a7014f29cda036571a98ba98c9f5d8
SSDEEP: 6144:NZ/b9e1VGnTezP8KwPBVu0AlICpOgCKvZnmpz:U1mTeL8va08I+fmpz
Static task: static1

Behavioral task: behavioral1
Sample: 6548f741cb41a51f5e5373586ce6b940.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 6548f741cb41a51f5e5373586ce6b940.exe
Resource: win10v2004-20231215-en
Malware Config

Extracted family: redline
Botnet: @txtbaselinks
C2: 91.92.252.103:61981
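The indicators above (file hashes and the extracted C2 endpoint) are what an analyst would sweep an estate for. The following is an added example, not part of the sandbox report and not code from the sample: a small offline Python sweep that hashes a file under review against the report's digests and scans connection-log lines for the C2 host. The hash values and the C2 address are copied from the report; the file bytes and the log lines are constructed for illustration, as are the log format and the private/documentation IP ranges used in them.

```python
"""Offline IOC sweep built from the indicators in this report.

Added example, not part of the sandbox report and not code from the sample.
The digests and the C2 address are copied from the report; the file bytes and
the connection-log lines below are constructed for illustration.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report above (hex digests are lowercase).
IOC_HASHES: Dict[str, str] = {
    "md5": "6548f741cb41a51f5e5373586ce6b940",
    "sha1": "291bad1c0d06c5af48005dc4eca7f76d5312845b",
    "sha256": "f958ce56b688316c3905d3de8770ad2f4e983b9b4824281cd285fecac12051f1",
}
C2_HOST = "91.92.252.103"
C2_PORT = 61981


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same three digests the report lists, for a blob in memory."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def digests_of_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three hashes at once, so large files are read only once."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(found: Dict[str, str]) -> bool:
    """True only when every digest listed in the report agrees (case-insensitive).

    Requiring all three protects against a mistyped or mis-copied single hash.
    """
    return all(found.get(alg, "").lower() == hexval for alg, hexval in IOC_HASHES.items())


# Constructed connection log, one record per line:
#   <timestamp> <src_ip> <dst_ip>:<dst_port> <action>
# 10.0.0.x is private space and 203.0.113.x is a documentation range; the lines are invented.
SAMPLE_LOG: List[str] = [
    "2024-01-14T10:01:02Z 10.0.0.25 91.92.252.103:61981 ALLOW",
    "2024-01-14T10:01:05Z 10.0.0.25 203.0.113.5:443 ALLOW",
    "2024-01-14T10:02:11Z 10.0.0.31 91.92.252.103:8080 DENY",
    "this line is malformed and must be skipped rather than crash the sweep",
]

_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\s+(?P<action>\w+)$"
)


def c2_contacts(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one record per line whose destination is the C2 host.

    Every port on the host is reported; `exact_port` says whether it is the port
    from the extracted config, so a blocked or re-ported attempt still surfaces.
    Lines that do not parse are skipped.
    """
    hits: List[Dict[str, object]] = []
    for raw in lines:
        m = _LOG_RE.match(raw.strip())
        if not m or m["dst"] != C2_HOST:
            continue
        port = int(m["port"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "port": port,
            "exact_port": port == C2_PORT,
            "action": m["action"],
        })
    return hits


if __name__ == "__main__":
    # Constructed bytes stand in for a file under review; they are not the sample.
    print("constructed blob matches report:", matches_report(digests(b"not the sample")))
    for hit in c2_contacts(SAMPLE_LOG):
        print(hit)
```

To sweep a real file, pass its path to `digests_of_file` and feed the result to `matches_report`; the two constructed C2 hits above show why matching on the host alone and then annotating the port is more useful than matching the exact `ip:port` string.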
Targets

Target: 6548f741cb41a51f5e5373586ce6b940.exe
Size: 271KB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

SectopRAT payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext redirects another thread's execution to an attacker-chosen address, a pattern seen in process hollowing and thread hijacking rather than in ordinary application code.