General
- Target: CATALOGUE.exe
- Size: 2.7MB
- Sample: 240712-eym89s1bnd
- MD5: a3a55457b08e66b8246b3ab4f5afc5f8
- SHA1: bcfbda193b0091361b4a9ddb06717e219a389351
- SHA256: 2c7c1638330a59ae2a7c7b549384b6cc6b915584c4c99c59256fdea1930437d7
- SHA512: b61f2d8f84ee90fd08e057cbdb52df0881998b108f1affa156e0250458cef70007a954ae7913129883f46dcb29e5e697e17cbecef835e6c2378cca080a8d7743
- SSDEEP: 12288:mJZ7RmT35hppmYbhFD4IssrqUIb231sarW:mZA5hpZFFDtpIb23CarW

Static task: static1
Behavioral task: behavioral1
- Sample: CATALOGUE.exe
- Resource: win7-20240705-en

Malware Config
- Extracted: redline
- biss
- 172.81.131.198:16383
Targets
- Target: CATALOGUE.exe
- Size: 2.7MB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext