General
-
Target
9DB696D411E33A3A68DB18B8A1680112.exe
-
Size
7KB
-
Sample
240503-z96j7sfc51
-
MD5
9db696d411e33a3a68db18b8a1680112
-
SHA1
8ad3f5f7730ba7db2b656b3ea080e743115980e4
-
SHA256
94f46a73df32470400d1fc25336146155321a04c4eec0f40cb8527db702499e3
-
SHA512
c998e1070f4375121cbfc0bbf8421db5f5ef9891edb5610d4d50fcbd5222d0f33121f38b72730d038d63e092f24067b5b74b5c59b31cdcd97364c0812d08951b
-
SSDEEP
96:bz7UDyrF4xhsty0BoaJt+lYn5euWY+tn4XgPPH6My3JK2VOf2dfeazNt:PSuF8hsty0qUt+lUeuHO+gn6My4q1
Static task
static1
Behavioral task
behavioral1
Sample
9DB696D411E33A3A68DB18B8A1680112.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
9DB696D411E33A3A68DB18B8A1680112.exe
Resource
win10v2004-20240419-en
Malware Config
Extracted
redline
murder - first build
109.120.178.235:26632
Targets
-
-
Target
9DB696D411E33A3A68DB18B8A1680112.exe
-
Size
7KB
-
MD5
9db696d411e33a3a68db18b8a1680112
-
SHA1
8ad3f5f7730ba7db2b656b3ea080e743115980e4
-
SHA256
94f46a73df32470400d1fc25336146155321a04c4eec0f40cb8527db702499e3
-
SHA512
c998e1070f4375121cbfc0bbf8421db5f5ef9891edb5610d4d50fcbd5222d0f33121f38b72730d038d63e092f24067b5b74b5c59b31cdcd97364c0812d08951b
-
SSDEEP
96:bz7UDyrF4xhsty0BoaJt+lYn5euWY+tn4XgPPH6My3JK2VOf2dfeazNt:PSuF8hsty0qUt+lUeuHO+gn6My4q1
-
Detect ZGRat V1
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Deletes itself
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-