General
Target: 7465D871F23A705DB0B2B6730C74E786.exe
Size: 181KB
Sample: 240421-mm8ptshd4x
MD5: 7465d871f23a705db0b2b6730c74e786
SHA1: 780d13eedd18f6646d1d9fda46b7dd55d9244575
SHA256: 9a39e9f69780a5c38628b9ef94cc8309c9ebb4272f837b19ed2fc09da998154e
SHA512: 8c5588fc38283f18da703ac23fd90ac9f52b57c2b51667de35967c2a8dae37fb25008469c13153217f4712298a8a4d75e7a2743fb4f668668dd8efb12e5dcb25
SSDEEP: 3072:QQW8lTQY0ndQZn/jJtILH4htDcS9uG55keLiwRZhEAxHpvhcOjD9dwj+ltu:17TQXndQdqHAlcS9uGZLiwj7JvhcOjDs

Static task: static1
Behavioral task: behavioral1
Sample: 7465D871F23A705DB0B2B6730C74E786.exe
Resource: win7-20240221-en

Malware Config
Extracted:
redline
cheat
195.10.205.79:30525
Targets
Target: 7465D871F23A705DB0B2B6730C74E786.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext