General
Target: PRODUCT_LIST.tar
Size: 2.6MB
Sample: 240711-g21pwashkl
MD5: 2a7a8a955130091852820616eda3de0a
SHA1: cfd2452b77c9604fb86311b6100747ddae8aba2c
SHA256: e84e611d0f9a6df97be139a441314d098a177fe6a1ed736abc2b80fb33cc372c
SHA512: 062bc5921f46f6c1858a85bf3b0d00eb9d80dc03d09c8f48cc01c613cf792bb337afaffddc183af3d16cab3b8430665198fb8b5e5e607fe4a27958371d8aac30
SSDEEP: 12288:TZvl4rkRkOuZ8opZz/mYCGG301f19Q8AypNpobtrlp:S2k3V001lAypNy
Static task: static1
Behavioral task: behavioral1
Sample: PRODUCT_LIST.exe
Resource: win7-20240708-en

Malware Config
Extracted
Family: redline
Botnet: cetry
C2: 204.14.75.2:16383
Targets
Target: PRODUCT_LIST.exe
Size: 2.6MB
MD5: 084f6a5b75fd76808d1099394ca45c3e
SHA1: abf381b6ea5bd403aa9a873fb04698000d5061d9
SHA256: 4a6276e3136c7a49fe5046b78966ad785e052c4266c4dd0b68cf9937e9b5777f
SHA512: 6464afc06b47246fba6b83c60112da233f19f9468b73b7db1d901b45f2c7cc9337d7701fc910b5fac746055e38afc19fc8d184ad1f59ad45953f1f196c8926cb
SSDEEP: 12288:pZvl4rkRkOuZ8opZz/mYCGG301f19Q8AypNpobtrlp8:o2k3V001lAypNyi
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext