General
Target: 568967433c84d1fd3068fae82d24d750.exe
Size: 504KB
Sample: 240624-xr23ys1ekn
MD5: 568967433c84d1fd3068fae82d24d750
SHA1: 030204e478cd66d7234850d9ef95f9b52a2dc476
SHA256: 35bc174139612d416a683cb302b450d21b1eb2a8cc23d0fb22d0152b35d585c6
SHA512: 13481aee6d2fdc5666f4febfa33a370c8590bb712be6f75bf7d212e4041f0c625b2068aad1f265254a62c4408c04070f911d378a5014061aaccf9f8c9114db75
SSDEEP: 12288:VX0AXmuz7sdJoJmrTNj/RQI1UrYNw9KlRVjd1z+n/Xfu+XHTmyDLNkR:ZIXx/RQIq1olRVBcRXhD0

Static task: static1
Behavioral task: behavioral1
Sample: 568967433c84d1fd3068fae82d24d750.exe
Resource: win7-20240508-en

Malware Config
Extracted: redline
Botnet: cheat
C2: 185.222.58.79:55615
Targets
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is not scanned.
-
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check to avoid running in certain regions.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
Suspicious use of SetThreadContext
-
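The PowerShell Defender exclusions, the country-code lookup, the Uninstall-key enumeration and the extracted C2 185.222.58.79:55615 listed above are what a detection engineer would turn into triage rules. The following is an added Python example, not part of this report and not code from any sandbox, that runs such rules over constructed telemetry records. The registry paths under Control Panel\International, the Uninstall-subkey threshold of 5, the ATT&CK technique IDs and the sample events are assumptions for illustration; the report itself states only that a country code and Uninstall entries are read from the registry.

```python
"""Triage rules for the behaviours in this report, run over constructed
telemetry. Added example, not sandbox code. Registry paths, the Uninstall
threshold and the sample events are assumptions for illustration."""
import re
from dataclasses import dataclass

# C2 endpoint from the extracted RedLine config in this report.
C2 = ("185.222.58.79", 55615)

# Assumed locations of the configured country code (the report only says
# "country code configured in the registry").
GEO_KEYS = (
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\Locale",
)
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UNINSTALL_THRESHOLD = 5  # assumption: distinct subkeys read before alerting

# Add-MpPreference / Set-MpPreference with any -Exclusion* parameter.
DEFENDER_EXCLUSION = re.compile(
    r"\b(Add|Set)-MpPreference\b[^\n]*?-Exclusion(Path|Process|Extension)\b",
    re.IGNORECASE,
)


@dataclass
class Event:
    kind: str     # "script" (PowerShell script block), "registry", "network"
    process: str  # image name of the acting process
    data: str     # script text, registry path, or "ip:port"


@dataclass
class Hit:
    rule: str
    technique: str  # ATT&CK technique ID (assumed mapping)
    process: str
    detail: str


def check_event(ev: Event) -> list:
    """Stateless rules: a single event is enough to decide."""
    hits = []
    if ev.kind == "script":
        m = DEFENDER_EXCLUSION.search(ev.data)
        if m:
            hits.append(Hit("defender_exclusion", "T1562.001", ev.process, m.group(0)))
    elif ev.kind == "registry":
        if any(ev.data.lower() == k.lower() for k in GEO_KEYS):
            hits.append(Hit("geofence_lookup", "T1614", ev.process, ev.data))
    elif ev.kind == "network":
        host, sep, port = ev.data.rpartition(":")
        if sep and port.isdigit() and (host, int(port)) == C2:
            hits.append(Hit("redline_c2", "T1571", ev.process, ev.data))
    return hits


def triage(events) -> list:
    """Run the stateless rules, then a per-process Uninstall-key counter.
    One Uninstall read is normal for many programs; a sweep across many
    subkeys is the software-enumeration behaviour the report describes."""
    hits = []
    uninstall_reads = {}
    for ev in events:
        hits.extend(check_event(ev))
        if ev.kind == "registry" and UNINSTALL_KEY.lower() in ev.data.lower():
            uninstall_reads.setdefault(ev.process, set()).add(ev.data.lower())
    for proc, keys in uninstall_reads.items():
        if len(keys) >= UNINSTALL_THRESHOLD:
            hits.append(Hit("installed_software_enum", "T1518", proc,
                            f"{len(keys)} distinct Uninstall subkeys read"))
    return hits


# Constructed telemetry modelled on the report's signatures (not real logs).
SAMPLE = "568967433c84d1fd3068fae82d24d750.exe"
SAMPLE_EVENTS = (
    [Event("script", "powershell.exe",
           "Add-MpPreference -ExclusionPath 'C:\\Users\\Public' -ExclusionProcess 'svc.exe'"),
     Event("registry", SAMPLE, r"HKCU\Control Panel\International\Geo\Nation")]
    + [Event("registry", SAMPLE, "HKLM\\" + UNINSTALL_KEY + f"\\App{i}")
       for i in range(6)]
    + [Event("network", SAMPLE, "185.222.58.79:55615"),
       Event("network", "chrome.exe", "203.0.113.5:443")]  # benign, TEST-NET address
)

if __name__ == "__main__":
    for h in triage(SAMPLE_EVENTS):
        print(f"{h.rule:<26} {h.technique:<10} {h.process:<40} {h.detail}")
```

The geofence and Uninstall rules fire on reads that legitimate software also performs, so in practice they are scored alongside the Defender-exclusion and C2 hits for the same process rather than alerted on alone; the threshold on distinct Uninstall subkeys is the knob that keeps the enumeration rule from firing on an installer checking for one product.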