General
-
Target
18da95aef5e992aacfe205534cb0b73c.exe
-
Size
713KB
-
Sample
240705-qsdcnaygnq
-
MD5
18da95aef5e992aacfe205534cb0b73c
-
SHA1
9ed5b6c676ffbde8b15779078e5d23e0bbebfed5
-
SHA256
26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a
-
SHA512
4a0ab26d6f4f98550bc8b8ada81a5c0e4acf83b5603d23322126fc1bf1200913467460c411f0bc18d5bc45266b03e6033d75ae999c4ac32119d03128d7a4cf3e
-
SSDEEP
12288:8xaE8GILjWLWgumApXye0917WKVpkQRPArxQbXStkR:dcuzTw17WKVpkQRPaxJw
Static task
static1
Behavioral task
behavioral1
Sample
18da95aef5e992aacfe205534cb0b73c.exe
Resource
win7-20240704-en
Malware Config
Extracted
redline
cheat
45.137.22.124:55615
Targets
-
-
Target
18da95aef5e992aacfe205534cb0b73c.exe
-
Size
713KB
-
MD5
18da95aef5e992aacfe205534cb0b73c
-
SHA1
9ed5b6c676ffbde8b15779078e5d23e0bbebfed5
-
SHA256
26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a
-
SHA512
4a0ab26d6f4f98550bc8b8ada81a5c0e4acf83b5603d23322126fc1bf1200913467460c411f0bc18d5bc45266b03e6033d75ae999c4ac32119d03128d7a4cf3e
-
SSDEEP
12288:8xaE8GILjWLWgumApXye0917WKVpkQRPArxQbXStkR:dcuzTw17WKVpkQRPaxJw
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-