General
-
Target
bf01f5a33558c59188cd3b91f56ce00284cf4fd614ccc9393b8126f40cfe465f
-
Size
43KB
-
Sample
240419-vebdcshg86
-
MD5
58683f1dc2db3f87865344e4cd519b20
-
SHA1
c66af4faa9d13b307aad69d9748d5b48682449b0
-
SHA256
bf01f5a33558c59188cd3b91f56ce00284cf4fd614ccc9393b8126f40cfe465f
-
SHA512
6081ec3bd5e2706a52c4c6ad89056f3a8fcb8f99d51614433377ea96d7967c8c82ac28136b98ce17674c0ff0916a079f7dd625c060acff0a7ceb66f7c6670d37
-
SSDEEP
768:2S7iZeZj0LRxrihjhk4npZAhJnAaGLnHGY8eJIGAR/PK+5hbbrwWtenyi5a4QQXP:m4Z4L+9kopZAMZmLyIfj8Qey9yV1
Static task
static1
Behavioral task
behavioral1
Sample
7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
--- https://t.me/BlToolsCloud ------ https://t.me/BlTools_Logs ---
rights-mountains.gl.at.ply.gg:23403
Targets
-
-
Target
7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4.exe
-
Size
95KB
-
MD5
9001b4d829eac33f2b06ab34bbef7480
-
SHA1
108914745f61a7502a382871345d4af604814823
-
SHA256
7981bc15a329fe58ae76f26d03fbcab5d7c32658f29a1529d4d83b9e377a81a4
-
SHA512
511cedc75dc75eef63953f7238d1d7f25b6ffc0e36f0f6e0589d58f642b4c87607a70414305905a7b57295ebe176bf51c1a84d0308f0f93287e52b3afd3b4cea
-
SSDEEP
1536:WqsoPqsglbG6jejoigIn43Ywzi0Zb78ivombfexv0ujXyyed2jtQulgS6pE:E2fwYn+zi0ZbYe1g0ujyzdlE
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-