General
Target: file
Size: 176KB
Sample: 240526-trxlpadb72
MD5: 2ff1852db050e32514899d5423e50d22
SHA1: feacdd8c39e8000877aaffff79384c794457219c
SHA256: 5ae70117eb8fd79cfc11253b382d2104d47199c776dfcd446d5f74d697d09f2c
SHA512: 90f074f6540300b5920b0fe1c7680f2376f3b79004959c95c81a9d542b7fb3948f125b66cf24325fc773ce23dafd1f0c8f1d25f6434cdeda01f3a53ce61ef0ff
SSDEEP: 1536:MivUa50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/0l6A1cazJe/:Mi3gAkHnjPIQ6KSEX/LHjJ46K4
Static task: static1
Behavioral task: behavioral1
  Sample: file.html
  Resource: win11-20240508-en
Malware Config
Targets
Target: file
Size: 176KB
MD5: 2ff1852db050e32514899d5423e50d22
SHA1: feacdd8c39e8000877aaffff79384c794457219c
SHA256: 5ae70117eb8fd79cfc11253b382d2104d47199c776dfcd446d5f74d697d09f2c
SHA512: 90f074f6540300b5920b0fe1c7680f2376f3b79004959c95c81a9d542b7fb3948f125b66cf24325fc773ce23dafd1f0c8f1d25f6434cdeda01f3a53ce61ef0ff
SSDEEP: 1536:MivUa50ZoTgAJuHnjde83Ml83Mn1CyKBKyf6C9XS6zmFMtMd5/an/0l6A1cazJe/:Mi3gAkHnjPIQ6KSEX/LHjJ46K4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  Registering a CLSID InprocServer32/LocalServer32 entry makes the named DLL or EXE load whenever that COM class is instantiated. An entry under HKCU\Software\Classes takes precedence over the HKLM entry for the same CLSID and needs no elevation to write.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system. These are reads, not writes, so Sysmon registry events (IDs 12, 13 and 14) do not record them; on an endpoint they are only visible with a SACL on the key and object-access auditing (Event ID 4663).
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is the step in process hollowing and thread hijacking that redirects execution to injected code; legitimate software rarely needs it.
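The "Downloads MZ/PE file" and "Registers COM server for autorun" signatures above, re-implemented as an added example that is not the sandbox's or RedLine's code. It assumes Sysmon Event ID 13 (registry value set) records carrying the Image, TargetObject and Details fields; the minimal PE header, the CLSIDs, the file paths and the event records are all constructed for the example. It goes a little beyond the report in one respect: the download check ignores the Content-Type the server claimed, so a PE served as text/html or image/png is still flagged.

```python
# Added example: two sandbox-style signature checks run over constructed data.
import re
import struct
from typing import Optional


def pe_info(blob: bytes) -> Optional[dict]:
    """Return header facts if `blob` is a Windows PE image, else None.

    Checks IMAGE_DOS_HEADER.e_magic == "MZ", follows e_lfanew (offset 0x3C) to
    the PE signature, then reads IMAGE_FILE_HEADER.Machine, NumberOfSections,
    Characteristics and the optional header's Magic.
    """
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections = struct.unpack_from("<HH", blob, e_lfanew + 4)
    (characteristics,) = struct.unpack_from("<H", blob, e_lfanew + 22)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0] if opt_off + 2 <= len(blob) else 0
    return {
        "machine": {0x14C: "i386", 0x8664: "amd64"}.get(machine, hex(machine)),
        "sections": nsections,
        "dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
        "pe32plus": magic == 0x20B,             # 64-bit optional header
    }


def downloaded_pe_signature(content_type: str, body: bytes) -> Optional[str]:
    """Mirror the "Downloads MZ/PE file" check on one HTTP response body."""
    info = pe_info(body)
    if info is None:
        return None
    kind = "DLL" if info["dll"] else "EXE"
    return f"Downloads MZ/PE file ({kind}, {info['machine']}, served as {content_type!r})"


# ...Classes\CLSID\{GUID}\InprocServer32 or LocalServer32, with or without
# Sysmon's trailing "\(Default)". Sysmon may render the per-user Classes hive
# as HKU\<SID>_Classes\CLSID\..., which this pattern also matches.
COM_SERVER_RE = re.compile(
    r"Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)(\\\(Default\))?$",
    re.IGNORECASE,
)
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def com_autorun_signature(event: dict) -> Optional[str]:
    """Flag a Sysmon Event 13 record that registers a COM server from an untrusted path."""
    if int(event.get("EventID", 0)) != 13:
        return None
    target = event.get("TargetObject", "")
    m = COM_SERVER_RE.search(target)
    if not m:
        return None
    server = event.get("Details", "").strip().strip('"').lower()
    if server.startswith(TRUSTED_DIRS):
        return None  # paths written as %SystemRoot%\... are still flagged; tune per estate
    # A user-hive entry shadows HKLM for the same CLSID and needs no elevation.
    hive = "user hive" if target.upper().startswith("HKU\\") else "machine hive"
    return (f"Registers COM server for autorun ({m.group(1)} in {hive} -> {server}) "
            f"by {event.get('Image', '?')}")


def build_fake_pe(machine: int = 0x8664, nsections: int = 3, dll: bool = False) -> bytes:
    """Constructed minimal PE: DOS header, PE signature, file header, optional-header magic."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew
    characteristics = 0x2000 if dll else 0x0002  # IMAGE_FILE_DLL / IMAGE_FILE_EXECUTABLE_IMAGE
    file_hdr = struct.pack("<HHIIIHH", machine, nsections, 0, 0, 0, 240, characteristics)
    opt_magic = struct.pack("<H", 0x20B if machine == 0x8664 else 0x10B)
    return bytes(dos) + b"\0" * (0x80 - 0x40) + b"PE\0\0" + file_hdr + opt_magic + b"\0" * 64


SAMPLE_DOWNLOADS = [  # constructed (Content-Type, body) pairs
    ("text/html", b"<html><body>loader page</body></html>"),
    ("image/png", build_fake_pe()),  # PE served under a misleading type
]

SAMPLE_EVENTS = [  # constructed Sysmon Event 13 records; CLSIDs and paths are made up
    {"EventID": 13, "Image": "C:\\Program Files\\VendorApp\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000001}\\InprocServer32\\(Default)",
     "Details": "C:\\Program Files\\VendorApp\\component.dll"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000002}\\LocalServer32\\(Default)",
     "Details": "\"C:\\Users\\user\\AppData\\Roaming\\svc\\dropped.exe\""},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def run_checks(events=SAMPLE_EVENTS, downloads=SAMPLE_DOWNLOADS) -> list:
    """Collect every signature string the inputs trigger."""
    hits = [s for ctype, body in downloads if (s := downloaded_pe_signature(ctype, body))]
    hits += [s for ev in events if (s := com_autorun_signature(ev))]
    return hits


if __name__ == "__main__":
    for hit in run_checks():
        print(hit)
```

On the sample data this reports one PE download (the image/png response) and one COM registration (the LocalServer32 entry written into the user hive by the dropped executable); the vendor installer writing under Program Files and the unrelated Explorer value are left alone.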