General
- Target: 4968fd74d0eca2ecfb169c87dd8008181abe551ca91c7396c765fd67f588815e
- Size: 834KB
- Sample: 240628-z1w96svfkr
- MD5: 2a13bd0e8247f4e3b4b92e2248171ef6
- SHA1: a5252c5b3aac0afda1fe76d1ec6339bb994ec9ce
- SHA256: 4968fd74d0eca2ecfb169c87dd8008181abe551ca91c7396c765fd67f588815e
- SHA512: d598ff6aa5bf9ad5a1e6fba0a2df72cc7e43589c7e77c753efc00ec4ab97131e4ffcc0289dc8339c881b95357328213bc6ac518f71e4118714e8ea87e8b3768e
- SSDEEP: 12288:bCf0rGLDrU1qBBuE+juhnS6/fRRCRdXcue9NNqo5TzIuYJhi9OKtqAOU80tZqoCh:bCdL4E+j8SmRRahe9NLr9ONAdy/IXi
Static task: static1
Behavioral task: behavioral1
- Sample: 4968fd74d0eca2ecfb169c87dd8008181abe551ca91c7396c765fd67f588815e.exe
- Resource: win7-20240221-en
Malware Config
Extracted
redline
cheat
185.222.58.70:55615
Targets
- Target: 4968fd74d0eca2ecfb169c87dd8008181abe551ca91c7396c765fd67f588815e
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.
- Detects executables packed with SmartAssembly
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext