General
- Target: 342d3e7071f207470417fa3fe3ff9280.exe
- Size: 803KB
- Sample: 240706-dadt9awdrg
- MD5: 342d3e7071f207470417fa3fe3ff9280
- SHA1: 5422472887421624d087ae9d768b1441352a7d03
- SHA256: f2d3c92e1f5ab8109ec4f960165a1d8d5f5cee846b51b44d77ab4a1ddcba10d7
- SHA512: a07953bf15ceb922bf0ed3cae84da19db47ba67252a4e7af682a493f659bd2574a6e0c4548b12527a61a401c872221db25d5fe05aa547455c9dcea46f02b9d81
- SSDEEP: 24576:0/4RPLub9awtRZykfWJ/+IyDHvipQPAOKrf7:09tXVfWcIybiF7r7
Static task: static1
Behavioral task: behavioral1
- Sample: 342d3e7071f207470417fa3fe3ff9280.exe
- Resource: win7-20240221-en
Malware Config
Extracted
- redline
- cheat
- 45.137.22.124:55615
Targets
- Target: 342d3e7071f207470417fa3fe3ff9280.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext