General
-
Target
6.exe
-
Size
2.6MB
-
Sample
240705-rgjwqsscpg
-
MD5
908d3656bb401fd8c4cf83d3bd39f19e
-
SHA1
7cc3652b2064490586b9525f4126e725c5ab878e
-
SHA256
5e8c7441a376ddad324526a589ee115aed949d6b3ec4c443e44ba758b38325e4
-
SHA512
37dfd062ec619ac8c8f0f3b89674b3b382950ca7f616e3265f42f6fb81bc407423221351d682bc3010f2b214e2d7c6b60a5b340269278fffc3843eae9bbc80c7
-
SSDEEP
12288:qI5OHqTR956eJKB1ROcXehK7X7wh0+iEm5wm:q1GRj6RMHU7qqwm
Static task
static1
Behavioral task
behavioral1
Sample
6.exe
Resource
win7-20240704-en
Malware Config
Extracted
redline
halle
194.55.186.180:55123
Targets
-
-
Target
6.exe
-
Size
2.6MB
-
MD5
908d3656bb401fd8c4cf83d3bd39f19e
-
SHA1
7cc3652b2064490586b9525f4126e725c5ab878e
-
SHA256
5e8c7441a376ddad324526a589ee115aed949d6b3ec4c443e44ba758b38325e4
-
SHA512
37dfd062ec619ac8c8f0f3b89674b3b382950ca7f616e3265f42f6fb81bc407423221351d682bc3010f2b214e2d7c6b60a5b340269278fffc3843eae9bbc80c7
-
SSDEEP
12288:qI5OHqTR956eJKB1ROcXehK7X7wh0+iEm5wm:q1GRj6RMHU7qqwm
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-