General
- Target: TopkaVisual 2.PRO (Creator Shake).exe
- Size: 474KB
- Sample: 240403-m7t26sch38
- MD5: 4ab6fe040850d54675de3b7ad803bcd5
- SHA1: 28acee2de223e608bf0663a24624475b4858deae
- SHA256: 9b5dc34e2808725b6b2c131d2a0ce4d2f4525269b9da6c60fcfcd93e83d40f27
- SHA512: a9df1b064b74febd43cc27b5cb8207dc050160a53aa4ab82a5c4bc010d52c88fda9b7a7b15d5318d8aec07b8ced32114c6b20b8daa7071f4442df5b3b4888ec4
- SSDEEP: 12288:8r3/n9m2RrxBvwhsW8qO7huSCVjWRioDU8uZlRVj:oPHIcISwjWRlDep
Static task
- static1

Behavioral task
- behavioral1
  - Sample: TopkaVisual 2.PRO (Creator Shake).exe
  - Resource: win7-20231129-en

Behavioral task
- behavioral2
  - Sample: TopkaVisual 2.PRO (Creator Shake).exe
  - Resource: win10v2004-20240226-en
Malware Config
Extracted
- redline
- 1139456900_99
- https://pastebin.com/raw/8baCJyMF
Targets
- Target: TopkaVisual 2.PRO (Creator Shake).exe
- Size: 474KB
- MD5: 4ab6fe040850d54675de3b7ad803bcd5
- SHA1: 28acee2de223e608bf0663a24624475b4858deae
- SHA256: 9b5dc34e2808725b6b2c131d2a0ce4d2f4525269b9da6c60fcfcd93e83d40f27
- SHA512: a9df1b064b74febd43cc27b5cb8207dc050160a53aa4ab82a5c4bc010d52c88fda9b7a7b15d5318d8aec07b8ced32114c6b20b8daa7071f4442df5b3b4888ec4
- SSDEEP: 12288:8r3/n9m2RrxBvwhsW8qO7huSCVjWRioDU8uZlRVj:oPHIcISwjWRlDep

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2