General
Target: 3a14bf440814f53b7260a37dcc2a422f6a3859cfada26a143496be81e41f0706.exe
Size: 334KB
Sample: 240408-bmrwjacd88
MD5: cd77e00b04bc4ad0ccb96a7819c9dda8
SHA1: f41f6ccb7a4117f8b646940caf501c2d8904e336
SHA256: 3a14bf440814f53b7260a37dcc2a422f6a3859cfada26a143496be81e41f0706
SHA512: 9f06c96fa6c8cd4b7adc50b7915b4cbb4e171f1180ecf0e56d31890dade54983bf1c014badb6f26ffd708dfd2a566659a2deefa0bc05280b2914c521575281a1
SSDEEP: 6144:Mb5lTbCTFHI7T6Lhad68UU7RIbgjBKktvwq+xPydosvg4uuYk:ANKIX4aTUYRv/v9Mydol7u/
Static task: static1
Behavioral task: behavioral1
Sample: 3a14bf440814f53b7260a37dcc2a422f6a3859cfada26a143496be81e41f0706.exe
Resource: win7-20240221-en
Malware Config
Extracted
redline
50502
2.58.56.216:38382
Targets
Target: 3a14bf440814f53b7260a37dcc2a422f6a3859cfada26a143496be81e41f0706.exe
Size: 334KB
MD5: cd77e00b04bc4ad0ccb96a7819c9dda8
SHA1: f41f6ccb7a4117f8b646940caf501c2d8904e336
SHA256: 3a14bf440814f53b7260a37dcc2a422f6a3859cfada26a143496be81e41f0706
SHA512: 9f06c96fa6c8cd4b7adc50b7915b4cbb4e171f1180ecf0e56d31890dade54983bf1c014badb6f26ffd708dfd2a566659a2deefa0bc05280b2914c521575281a1
SSDEEP: 6144:Mb5lTbCTFHI7T6Lhad68UU7RIbgjBKktvwq+xPydosvg4uuYk:ANKIX4aTUYRv/v9Mydol7u/
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext