General
- Target: 5404b47556a2e1e9eb2f5da481002616.bin
- Size: 644KB
- Sample: 240718-ddln9ssarj
- MD5: b483aa63638b8eb8b606f5ddcd4baef4
- SHA1: 93528c8fca09e26e41eddd81bab509c65b7436a3
- SHA256: 83f58c9f419c16c8a6ef5d73cb39a094e90e55aabba2a13731c17ab8f72a37db
- SHA512: 1784f0cdf0dedcf8ef3f61e88268c998291d668ee6662376f5afd21192d0eb5626ad11897c2725b959c46e275bf5510634b7a89a42dac3ac9e1dac0a8d857ada
- SSDEEP: 12288:o4eBB3urTroB6kFvvNcQmY3AO6M2j+2xJa5jJs3Y2e+Btvp+4dKOZYX:HIB3uvcB6kJvNcu6rxYjkY2NR+qDk
Static task: static1
Behavioral task: behavioral1
- Sample: 9c6f132ef4142409bd7a1448d3dc52f774e9e33919031dac82f2afb27083945f.exe
- Resource: win7-20240704-en

Malware Config
Extracted:
- redline
- cheat
- 185.222.57.67:55615
Targets
- Target: 9c6f132ef4142409bd7a1448d3dc52f774e9e33919031dac82f2afb27083945f.exe
- Size: 734KB
- MD5: 5404b47556a2e1e9eb2f5da481002616
- SHA1: e3a45833fecb92ff8998fc6d4a13c9b80afe87db
- SHA256: 9c6f132ef4142409bd7a1448d3dc52f774e9e33919031dac82f2afb27083945f
- SHA512: f3ff71f4a5637845e482e5d28656b2c7a502922ffdd599def1f243774820adc16c7de5a6804f2acff497568c93cdf180259628f2784da9dd16b9cc993e41edaf
- SSDEEP: 12288:eYQyrJBxjjmHI8/fRRCtRazozhlzs+WxuEvhxYInrLQ3MqzNF7+wdIH8dZs3:eYlJBxjCHdRRSRNzfzs+0uE5xYwrLQ8b
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext