General
Target: 568967433c84d1fd3068fae82d24d750.bin
Size: 466KB
Sample: 240626-c2x7jasfjm
MD5: 3ae80808a0d0e022e9e0739102b37460
SHA1: f2135b8ac8df62cc220ee14ac9cb60dbbd31c4bc
SHA256: 0cd2826777a7b50b217f78f09773761fd0c666588c87788fd5eb97bccf1e302d
SHA512: 6348d61ef1203bd72e85315894b40e0cc598cb2302ed77da2cebc9d6d7b21f7e01dd1db8de7092b9ffafed9cd93f19ec57c52c44ae32ac181b1192ab9ebee9af
SSDEEP: 12288:8kQWl/jotNokd2xiRXVofK9bYX29TcYuvhEU9+l:vviRtYXIT0uU9+l
Static task: static1
Behavioral task: behavioral1
Sample: 35bc174139612d416a683cb302b450d21b1eb2a8cc23d0fb22d0152b35d585c6.exe
Resource: win7-20240221-en

Malware Config
Extracted
redline
cheat
185.222.58.79:55615
Targets
Target: 35bc174139612d416a683cb302b450d21b1eb2a8cc23d0fb22d0152b35d585c6.exe
Size: 504KB
MD5: 568967433c84d1fd3068fae82d24d750
SHA1: 030204e478cd66d7234850d9ef95f9b52a2dc476
SHA256: 35bc174139612d416a683cb302b450d21b1eb2a8cc23d0fb22d0152b35d585c6
SHA512: 13481aee6d2fdc5666f4febfa33a370c8590bb712be6f75bf7d212e4041f0c625b2068aad1f265254a62c4408c04070f911d378a5014061aaccf9f8c9114db75
SSDEEP: 12288:VX0AXmuz7sdJoJmrTNj/RQI1UrYNw9KlRVjd1z+n/Xfu+XHTmyDLNkR:ZIXx/RQIq1olRVBcRXhD0

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Suspicious use of SetThreadContext