General

  • Target

    E3842CE1A944BA370DB991DDB782FC0BAF4BD1BDF1215.exe

  • Size

    6.5MB

  • Sample

    240117-16r33sgcb9

  • MD5

    a7d458984cd041e231acf88a8968d61d

  • SHA1

    e1a0df74a9ff8983e05d309ac80e0516571c83bc

  • SHA256

    e3842ce1a944ba370db991ddb782fc0baf4bd1bdf1215f90abac4f3c14400487

  • SHA512

    69b7e055a02df11dd666984c8a5ff847c5d36bab498fb561d44fba84bd2ad1152163e63eb8aac29e58690218149fc90280658201860ff37756c2ce9e7058c025

  • SSDEEP

    98304:6/1FK8uWvXodPOTZgMVv2wNN/ZlFZIShcvsY8722fjHno4:6iavEmTZgMVvNvxXZdO5872Wj

Malware Config

Targets

    • Target

      E3842CE1A944BA370DB991DDB782FC0BAF4BD1BDF1215.exe

    • Size

      6.5MB

    • MD5

      a7d458984cd041e231acf88a8968d61d

    • SHA1

      e1a0df74a9ff8983e05d309ac80e0516571c83bc

    • SHA256

      e3842ce1a944ba370db991ddb782fc0baf4bd1bdf1215f90abac4f3c14400487

    • SHA512

      69b7e055a02df11dd666984c8a5ff847c5d36bab498fb561d44fba84bd2ad1152163e63eb8aac29e58690218149fc90280658201860ff37756c2ce9e7058c025

    • SSDEEP

      98304:6/1FK8uWvXodPOTZgMVv2wNN/ZlFZIShcvsY8722fjHno4:6iavEmTZgMVvNvxXZdO5872Wj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks