General
-
Target
SecuriteInfo.com.Win32.PWSX-gen.17245.11822.exe
-
Size
368KB
-
Sample
240208-qszwnaea5s
-
MD5
5ec82862a67012277f2b24f1780e968b
-
SHA1
3864ae8c39913a910129cd5da3cdc35682ba4ce5
-
SHA256
f4be8d0218a0e78619344ff5e2b21c702985e2baed31cbbfc5ec30aa5facb17a
-
SHA512
cc8d0a441eeffd4bdb39268b78d741fb6536a102a27a59a6c0ebbce05700aa042659b2dce810dbf37f9522969883645c12c0fc43dd6730e9d81f3e1f393fbb8a
-
SSDEEP
6144:I7TaW6ZJ6+z+oY4VmtdVanaf1dL+ZoKO9JLd/DijG2R+5MPIT3kzNgB+DPD5oxzq:8ID6K2/anafnLL/4+GPkGWgDPVEnWH
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.PWSX-gen.17245.11822.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.PWSX-gen.17245.11822.exe
Resource
win10v2004-20231222-en
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.PWSX-gen.17245.11822.exe
-
Size
368KB
-
MD5
5ec82862a67012277f2b24f1780e968b
-
SHA1
3864ae8c39913a910129cd5da3cdc35682ba4ce5
-
SHA256
f4be8d0218a0e78619344ff5e2b21c702985e2baed31cbbfc5ec30aa5facb17a
-
SHA512
cc8d0a441eeffd4bdb39268b78d741fb6536a102a27a59a6c0ebbce05700aa042659b2dce810dbf37f9522969883645c12c0fc43dd6730e9d81f3e1f393fbb8a
-
SSDEEP
6144:I7TaW6ZJ6+z+oY4VmtdVanaf1dL+ZoKO9JLd/DijG2R+5MPIT3kzNgB+DPD5oxzq:8ID6K2/anafnLL/4+GPkGWgDPVEnWH
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-