General
Target: feec7c869b12ae05697e84d67b9dbbac3c4e3554a9d77bd498ce928a6f82d222
Size: 566KB
Sample: 240707-ddpe6athlf
MD5: 7c2738a7f893cec2527156a56ec83a45
SHA1: 90b1b5e61c3f5ec57559c90243a1573eb89f9739
SHA256: feec7c869b12ae05697e84d67b9dbbac3c4e3554a9d77bd498ce928a6f82d222
SHA512: b730209e732fceee9f0f5e94278dc0075056bf27e36dd4da760f78834c7d2d6dc4a9b6aab2eac38cf2219e417c35ee3a6201d99c96ba97df85c3cc2f31bba830
SSDEEP: 12288:8jssE2qAR83K/IiNoJL7XvzJsS5A0erb+ta:8j1E2v865NorWx0eSa
Static task: static1
Behavioral task: behavioral1
Sample: 26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a.exe
Resource: win7-20240705-en

Malware Config
Extracted: redline
cheat
45.137.22.124:55615
Targets
Target: 26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a.exe
Size: 713KB
MD5: 18da95aef5e992aacfe205534cb0b73c
SHA1: 9ed5b6c676ffbde8b15779078e5d23e0bbebfed5
SHA256: 26c199fee4db63767ab6a7ca3b251ebaa3d8d08150d1aebef56546bdb5ea395a
SHA512: 4a0ab26d6f4f98550bc8b8ada81a5c0e4acf83b5603d23322126fc1bf1200913467460c411f0bc18d5bc45266b03e6033d75ae999c4ac32119d03128d7a4cf3e
SSDEEP: 12288:8xaE8GILjWLWgumApXye0917WKVpkQRPArxQbXStkR:dcuzTw17WKVpkQRPaxJw

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
SectopRAT payload
Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext