General
-
Target
file.exe
-
Size
489KB
-
Sample
240430-3dnw3aad2x
-
MD5
4d17fb12478532b67c678512420bee52
-
SHA1
e9bbe139c41279afe78874d8aa00e7c660aef1f0
-
SHA256
d53489dc94909b5311f4aa5e28f766dc836f135cc6a1418c6f371a659a024d8d
-
SHA512
1693917d2cc7397c8c5de606fbffd272d2a35734e51232c63bed807e1b0f51957c2b65e8e0efed46ccab712383d607a39e35d13d3bc7de1e98fca53729bf9ef5
-
SSDEEP
6144:Eg4e4T9nr4MVSXQ5igPlID/MeVoQnKP2i+y4QIhI0v/u3fmeSPyJgeyrjPb1:Ae4T9EgLPGMeJnKPuyXG/SNSZjP
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
redline
@LOGSCLOUDYT_BOT
185.172.128.33:8970
Targets
-
-
Target
file.exe
-
Size
489KB
-
MD5
4d17fb12478532b67c678512420bee52
-
SHA1
e9bbe139c41279afe78874d8aa00e7c660aef1f0
-
SHA256
d53489dc94909b5311f4aa5e28f766dc836f135cc6a1418c6f371a659a024d8d
-
SHA512
1693917d2cc7397c8c5de606fbffd272d2a35734e51232c63bed807e1b0f51957c2b65e8e0efed46ccab712383d607a39e35d13d3bc7de1e98fca53729bf9ef5
-
SSDEEP
6144:Eg4e4T9nr4MVSXQ5igPlID/MeVoQnKP2i+y4QIhI0v/u3fmeSPyJgeyrjPb1:Ae4T9EgLPGMeJnKPuyXG/SNSZjP
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-