General
- Target: 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
- Size: 1.9MB
- Sample: 240723-t27jmsyhjn
- MD5: 2d0c898afee38cddf990ab602c32ed57
- SHA1: 7c5ed28545009035b55b18ee5844f34f5c3d30e1
- SHA256: 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53
- SHA512: 9334c818d19090909e85e0390f5869e4dba32e4e4a5a3885d5fc2110fb1252423bc2a632391489e3ccc45c9932ddcd956e23c13e5bd0f99b3ff842d67decbb5e
- SSDEEP: 49152:F2u/BMdg532rpsjCMqigjns2+a95PlpiH9MzMrcgt4hvN3iBO:arpEZIIBO
Static task: static1
Behavioral task: behavioral1
- Sample: 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
- Resource: win7-20240704-en
Behavioral task: behavioral2
- Sample: 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
- Resource: win10v2004-20240709-en
Malware Config
Extracted
redline
lovato
57.128.132.216:55123
Targets
- Target: 5b3882062ae00e0e7a16786510e58e6d6fbe83a5b36691eb3911647e98b16c53.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext