General
Target: 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b.exe
Size: 800KB
Sample: 240706-bwwwva1hnk
MD5: b7d9ebad39110de3ff89686962c3270b
SHA1: a6e86e8d2ff174655eb1d30c62506db91e26c943
SHA256: 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b
SHA512: 33e0439e08deb2c35ddf27e1604efa75888509340b96a4e44f976f00a5cf5f61d2f209837c8a48850224bd08ceaa08b2137ddb1307b147d834e695c2fd573234
SSDEEP: 24576:87LxpIU55gevCR+vlum6CMQe5aFpBpLHLKRAwn:6vTPdkDl5u/FQBn
Static task: static1
Behavioral task: behavioral1
Sample: 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b.exe
Resource: win7-20240704-en
Malware Config
Extracted
Family: redline
Botnet: foz
C2: 79.110.62.16:1912
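The hashes above identify the dropped binary and the extracted config gives the C2 endpoint, which is everything needed for a first IOC sweep across an estate. The Python script below is an added example and not part of the sandbox report: it hashes candidate files against the report's digests and scans a connection log for traffic to 79.110.62.16:1912. The log layout (`ts src_ip src_port dst_ip dst_port proto`) and the log lines embedded in it are constructed for the demonstration, not captured from the sandbox run.

```python
import hashlib
from typing import Dict, List, Tuple

# Indicators copied from the report above.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "b7d9ebad39110de3ff89686962c3270b",
    "sha1": "a6e86e8d2ff174655eb1d30c62506db91e26c943",
    "sha256": "77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b",
    "sha512": "33e0439e08deb2c35ddf27e1604efa75888509340b96a4e44f976f00a5cf5f61d2f209837c8a48850224bd08ceaa08b2137ddb1307b147d834e695c2fd573234",
}
C2_IP = "79.110.62.16"
C2_PORT = 1912


def file_digests(data: bytes) -> Dict[str, str]:
    """Hex digests of `data` for every algorithm listed in SAMPLE_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matching_hashes(data: bytes) -> List[str]:
    """Names of the algorithms whose digest of `data` equals the report's value.

    A genuine copy of the sample matches all four. A match on MD5 or SHA1
    alone is worth a look but should be confirmed with SHA256, since those
    two algorithms are collision-prone.
    """
    digests = file_digests(data)
    return [algo for algo, expected in SAMPLE_HASHES.items() if digests[algo] == expected]


def is_sample(data: bytes) -> bool:
    """True when the SHA256 (the strongest hash in the report) matches."""
    return file_digests(data)["sha256"] == SAMPLE_HASHES["sha256"]


def find_c2_connections(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan a simplified connection log for flows to the extracted C2.

    Constructed line layout (whitespace-separated, '#' starts a comment):
        ts src_ip src_port dst_ip dst_port proto
    Returns (ts, src_ip, "dst_ip:dst_port") for every flow to C2_IP:C2_PORT.
    """
    hits: List[Tuple[str, str, str]] = []
    for line in log_text.splitlines():
        if line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        ts, src_ip, _src_port, dst_ip, dst_port, _proto = fields[:6]
        if dst_ip == C2_IP and int(dst_port) == C2_PORT:
            hits.append((ts, src_ip, f"{dst_ip}:{dst_port}"))
    return hits


# Constructed log lines for the demonstration; not output of the sandbox run.
EXAMPLE_LOG = """\
# ts src_ip src_port dst_ip dst_port proto
2024-07-06T01:12:03Z 10.0.0.15 49712 93.184.216.34 443 tcp
2024-07-06T01:12:09Z 10.0.0.15 49731 79.110.62.16 1912 tcp
2024-07-06T01:12:11Z 10.0.0.15 49733 79.110.62.16 443 tcp
2024-07-06T01:13:40Z 10.0.0.22 50021 79.110.62.16 1912 tcp
"""

if __name__ == "__main__":
    import sys

    # Usage: python ioc_sweep.py file1 [file2 ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "matches:", matching_hashes(fh.read()) or "none")
    for hit in find_c2_connections(EXAMPLE_LOG):
        print("C2 connection:", *hit)
```

The port check is deliberate: RedLine's C2 port is part of the extracted config, so a flow to the same IP on another port is a weaker signal. In practice it is still worth alerting on any traffic to the C2 address and letting an analyst triage the port mismatch, so loosen `find_c2_connections` accordingly if the log source is noisy.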
Targets
Target: 77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b.exe (800KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is how a loader redirects execution into a payload written over a suspended process (process hollowing). The call itself is not malicious, so correlate it with the child process the sample creates before treating it as injection.