General
Target: build_240222_175553.zip
Size: 119KB
Sample: 240222-vfpmdacg2w
MD5: f24116361370f9f61e66ac7944e1177e
SHA1: a060a3fdaeb66d6f43c8d7bbd80de07d40b1494e
SHA256: c16a997e95c57b9ab1df7d0f3d8c2b292ab7cd15161fee7c5d33f6a4a0c7df15
SHA512: 5fd270feb29209af81f0195e1c98d3ab6c25c8e1fa269ace3373febab96cd18502026f74cd7f57f0b9d84eeabfcd08603abe5588d25fb343f08cb0c2da0f0485
SSDEEP: 3072:HZJk3Xzmeb8bXs0pvrZnx9zOw7VvsQR8UXf40l7W40yoC9o/xGI:5Jki+0pTxT7hs4UqEC9o/wI
Static task: static1

Malware Config
Extracted: redline
810467741
https://pastebin.com/raw/NgsUAPya
Targets
Target: crypted810467741RBBOW.exe
Size: 130KB
MD5: a1152b8408343477e9c349e560d3036f
SHA1: 0c6938468fe195de90e914303668a417df0b4c4a
SHA256: 66a5e6a773ed1a4065bd281af893600a5c36643baba933d1539bbdbbcf20403f
SHA512: 7a5edb3b699e243a1aa156431810c45c57a1b7824f892877f4ee1cd3485d289f38f875ebf9060675dbc7dd079ed909735e2dcad3ca3e7ee3c20cedccf2dac219
SSDEEP: 3072:lFAzme58bXs0pvrznx9zOk7VvsQRsUXf40l7240yoC9o/r/r:py0pTrt7hs4EqMC9o/r
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of SetThreadContext