General
Target: build.exe
Size: 351KB
Sample: 240505-wlx2dabg97
MD5: e00381635f0deee1380080b322aec301
SHA1: 751c7ac25d1cbd1a789bea64f46bb226d9cd43e1
SHA256: 18c790568c6e0e30d600135a33a9e41ff55e076600fec006772d95849abc4def
SHA512: f401016e001ffad5e731c6afb333acd3124dd8c9d2187b06cc38a4094cb2e67bfd5b8a732587df92ab34bd4902b94cdc5ab5aeb413af857777fb5e5fd13b62a3
SSDEEP: 6144:Vkup0yN90QEsvxUDJchSJrcu78hp1mQlZDJ0ML:Wy900WDJLJrtKp1mGRJ0g
Static task: static1
Behavioral task: behavioral1
Sample: build.exe
Resource: win10-20240404-en
Behavioral task: behavioral2
Sample: build.exe
Resource: win10v2004-20240226-en
Behavioral task: behavioral3
Sample: build.exe
Resource: win11-20240419-en
Malware Config
Extracted
redline
cheat
ii-restored.gl.at.ply.gg:43416
Targets
Target: build.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Blocklisted process makes network request
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application