General

Target: Shipping Documents.exe
Size: 963KB
Sample: 240716-qhsdtsxbna
MD5: 1cc7ec4c91b811c75bb9621120b95dd4
SHA1: 214a6276da8f2ead192d1cb28cf6afd514752eec
SHA256: 45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa
SHA512: af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0
SSDEEP: 24576:KAHnh+eWsN3skA4RV1Hom2KXMmHaHfbSH5:dh+ZkldoPK8YaHf2
Static task: static1
Behavioral task: behavioral1
Sample: Shipping Documents.exe
Resource: win7-20240708-en (Windows 7 analysis image, English locale)
Malware Config

Extracted
Family: redline
Botnet: Windows
C2: 95.211.6.240:57887

The C2 is a bare IP:port endpoint rather than a domain, so block and alert on the host and port together; port 57887 on its own is not a meaningful indicator.
Targets

Target: Shipping Documents.exe (963KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures:

- RedLine: RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
- RedLine payload
- SectopRAT payload: this rule commonly fires alongside the RedLine rules on RedLine samples; treat the extracted configuration above (family redline) as the authoritative classification.
- Drops startup file: a file is written to a Startup folder, the persistence mechanism behind this signature.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting: wallet and credential theft, the expected stealer behaviour.
- AutoIT Executable: the submitted PE is an AutoIt script compiled to a PE executable, a common loader wrapper around a .NET stealer payload.
- Suspicious use of SetThreadContext: consistent with process injection or process hollowing of the decrypted payload into a suspended process.
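The hashes and C2 above are the actionable indicators on this page. The following script is an added example, not part of the Triage report: it streams a file through the four exact-hash algorithms the report lists, reports which of them match the sample, and scans Zeek conn.log-style lines for connections to the C2 host and port together. The log lines are constructed for illustration. SSDEEP is listed in the report but not checked here, since fuzzy matching needs an external ssdeep/ppdeep library.

```python
"""IOC check for the RedLine report above: exact-hash match on a file and C2
match over Zeek-style conn.log lines. Added example, not part of the Triage
report; the log lines below are constructed for illustration."""
import hashlib
import re
import sys

# Exact hashes and C2 as listed in the report.
REPORT_HASHES = {
    "md5": "1cc7ec4c91b811c75bb9621120b95dd4",
    "sha1": "214a6276da8f2ead192d1cb28cf6afd514752eec",
    "sha256": "45546f324eb60085374045715890404ffe9ecbd9c15cbcfcb6828fdfd87179fa",
    "sha512": "af62907155401baa25eb4bfd793ac8cdca1eeb16e030c3c1eb9418b6e1abbea4"
              "438c8beea5579e8130b4a4277cad06263a52d080e8e7cc8b9c4221c94fa9d8f0",
}
C2_HOST = "95.211.6.240"
C2_PORT = 57887


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large samples are not read whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value.
    A full set means the file is byte-identical to the analysed sample;
    an empty set does not clear it (a repacked build changes every hash)."""
    return {name for name, value in digests.items()
            if value.lower() == REPORT_HASHES[name]}


# Zeek conn.log (TSV): ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, ...
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\t(?P<uid>\S+)\t(?P<src>\S+)\t(?P<sport>\d+)\t(?P<dst>\S+)\t(?P<dport>\d+)"
)


def find_c2_connections(lines) -> list:
    """Return (ts, src, uid) for every connection to the report's C2 host:port.
    Host and port are matched together: port 57887 alone is not a useful IOC,
    and the host may serve unrelated traffic on other ports."""
    hits = []
    for line in lines:
        if line.startswith("#"):          # Zeek header/comment rows
            continue
        m = CONN_RE.match(line)
        if m and m["dst"] == C2_HOST and int(m["dport"]) == C2_PORT:
            hits.append((m["ts"], m["src"], m["uid"]))
    return hits


# Constructed sample log, not real traffic: two connections to the C2, one to
# the same host on another port, one to another host on the C2 port.
SAMPLE_CONN_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "\t".join(["1721128861.102", "CHyp3K1", "10.0.0.15", "49712", "95.211.6.240", "57887", "tcp"]),
    "\t".join(["1721128870.517", "Cq9wTa2", "10.0.0.15", "49715", "95.211.6.240", "443", "tcp"]),
    "\t".join(["1721128902.244", "CzL0mv3", "10.0.0.22", "51080", "203.0.113.9", "57887", "tcp"]),
    "\t".join(["1721128921.890", "CkF8dQ4", "10.0.0.15", "49720", "95.211.6.240", "57887", "tcp"]),
])


if __name__ == "__main__":
    for path in sys.argv[1:]:
        matched = matching_algorithms(hash_file(path))
        print(f"{path}: {'MATCH ' + ','.join(sorted(matched)) if matched else 'no hash match'}")
    for ts, src, uid in find_c2_connections(SAMPLE_CONN_LOG.splitlines()):
        print(f"C2 contact at {ts} from {src} (uid {uid})")
```

Run it with one or more file paths to check them against the report's hashes; the constructed log is scanned either way and yields the two connections that hit both host and port. Matching on the host and port pair rather than the port alone is deliberate: the third constructed line reaches port 57887 on an unrelated host and is correctly ignored.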