General
- Target: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933
- Size: 329KB
- Sample: 240707-3nxxqathlb
- MD5: 9cab87a4c133b50897b35e4792740667
- SHA1: 1a396ae984e6bc04e4046ba54f9eac176a6e5a9c
- SHA256: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933
- SHA512: 22795464c9fb2fd1032c529f0181074cfc048d1214c67fe3aacbc7c2ebda1fc2c634b9f647fb8c616f887cb05947119836618315cd58415cd2966c847593b77d
- SSDEEP: 6144:5wnjA4Nk/tWqLYU2rY94afXCM5l7ysuA3kUVys/VUhOaCiyh:5qiWqLYHe5truAVEdyh
Static task
- static1
Behavioral task
- behavioral1
  Sample: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933.exe
  Resource: win7-20240704-en
Behavioral task
- behavioral2
  Sample: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933.exe
  Resource: win10v2004-20240704-en
Malware Config
Extracted
redline
5195552529
https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443
Targets
- Target: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933
- Size: 329KB
- MD5: 9cab87a4c133b50897b35e4792740667
- SHA1: 1a396ae984e6bc04e4046ba54f9eac176a6e5a9c
- SHA256: 70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933
- SHA512: 22795464c9fb2fd1032c529f0181074cfc048d1214c67fe3aacbc7c2ebda1fc2c634b9f647fb8c616f887cb05947119836618315cd58415cd2966c847593b77d
- SSDEEP: 6144:5wnjA4Nk/tWqLYU2rY94afXCM5l7ysuA3kUVys/VUhOaCiyh:5qiWqLYHe5truAVEdyh
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext