General
-
Target
361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c.zip
-
Size
1.2MB
-
Sample
240402-lt2z7adb5s
-
MD5
c46187041e3326a8c227aba87e1dd3ec
-
SHA1
2280ff0c4d05e338523ca39b412a61f701c8b64f
-
SHA256
aaefa624a40df6bbaa7b40ac1501443f821245a7f9952f7fb4da0cf1c0b7b1c6
-
SHA512
f00ebafdb803a2b5d585e46a5db44eb4b54dc93aae854e839ff7a35aa70d04a0c12511304310c9ecf95fdaab673f77318e3bceb5988e22849b7e3beea1602f97
-
SSDEEP
24576:8jhlVkqCxoNxvAxYbXmOOAKzJXLPdJdijPUIaWceKz/2JyJRRI:8jhl6LW6xjX/xLPJ4UIEeKzC
Static task
static1
Behavioral task
behavioral1
Sample
361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
1
77.221.156.45:18734
Targets
-
-
Target
361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c.exe
-
Size
1.3MB
-
MD5
48bf3772cbc93109287d1254b8a64683
-
SHA1
7ba5be5f07d63597c71bdfc0032365b56a3a26e7
-
SHA256
361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c
-
SHA512
d3621ed393be35d7a0074aee36d7ab1e7df9dacb86085472c8ed0cceec03e0bd2b349b9216bd3b8f1c19f9b1f112e255245d38ad32106d0e47a92e27ebe41d15
-
SSDEEP
24576:Nmmy8RvF09ha/j20zJgxHgShHls6P9eQ7FYxM8/ta081:N/y8RvK9Q9B76PZ7GxM8/tJ
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-