General
-
Target
4ec07b8e03c6decbd6a69fd6205134cc.exe
-
Size
137KB
-
Sample
240626-ygx7pashnp
-
MD5
4ec07b8e03c6decbd6a69fd6205134cc
-
SHA1
d7e39255e93b6b45e71accf53ae063973d317c79
-
SHA256
3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5
-
SHA512
ecd9cb4b3ed871d31055d6670b9c7729c43f14015a310365de4b57493a56f8eaed290a74b01b81687747a3348da39c786783260076dbe4c43ec3d87cd18ba6e6
-
SSDEEP
3072:bzWhTc8VndpIVANtDI0wMuedstt+R1ATIiQKRMs6x:byhTc8TpIVANtnwMuedTHAbRM
Static task
static1
Behavioral task
behavioral1
Sample
4ec07b8e03c6decbd6a69fd6205134cc.exe
Resource
win7-20240221-en
Malware Config
Extracted
redline
tst
194.55.186.87:4483
Targets
-
-
Target
4ec07b8e03c6decbd6a69fd6205134cc.exe
-
Size
137KB
-
MD5
4ec07b8e03c6decbd6a69fd6205134cc
-
SHA1
d7e39255e93b6b45e71accf53ae063973d317c79
-
SHA256
3d41c549e3605066d3308fe88c6c4674840a2fae493f53ccd777f4c40744caf5
-
SHA512
ecd9cb4b3ed871d31055d6670b9c7729c43f14015a310365de4b57493a56f8eaed290a74b01b81687747a3348da39c786783260076dbe4c43ec3d87cd18ba6e6
-
SSDEEP
3072:bzWhTc8VndpIVANtDI0wMuedstt+R1ATIiQKRMs6x:byhTc8TpIVANtnwMuedTHAbRM
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-