General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19272.7299
-
Size
329KB
-
Sample
240120-1gsnbahaeq
-
MD5
927fa2810d057f5b7740f9fd3d0af3c9
-
SHA1
b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
-
SHA256
9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
-
SHA512
54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8
-
SSDEEP
6144:Y2A0vtQBor7oi2eemoLa9VBdH/Mz1KKd619AqUAwZuav:FA0v4ovo8NoLm5s5duBUAwJ
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.19272.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.19272.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
@RLREBORN Cloud TG: @FATHEROFCARDERS)
141.95.211.148:46011
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.19272.7299
-
Size
329KB
-
MD5
927fa2810d057f5b7740f9fd3d0af3c9
-
SHA1
b75d4c86d3b4fd9d6ecf4be05d9ebcf4d7fd7ec8
-
SHA256
9285f56d3f84131e78d09d2b85dad48a871eec4702cb6494e9c46a24f70e50f9
-
SHA512
54af68949da4520c87e24d613817003705e8e50d3006e81dcf5d924003c1a1b8185ba89f6878c0abac61f34efbe7a9233f28ba3e678a35983c1e74216a5ac1a8
-
SSDEEP
6144:Y2A0vtQBor7oi2eemoLa9VBdH/Mz1KKd619AqUAwZuav:FA0v4ovo8NoLm5s5duBUAwJ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-