General
Target: R B X D 2 5.rar
Size: 9.7MB
Sample: 240724-nsj44axeja
MD5: 1c7b93eb46e110fdeda1eb23a3a810cd
SHA1: bf23d1dcd6bd4546bd14b6a44c6e58239af29851
SHA256: ad329ddc9cf9c640ca7705fc3ce47c717f796b55466ec0882509f8596b35ae60
SHA512: 5c085bc838f8c0587602c7025c31ba813871d91cf9dbf1605753f7a3ab3a0d06e0e67608c2b383877469205471656aba8e7a71a4d9e17e84bb2a09d1db22683a
SSDEEP: 196608:IknltSmQx76wYWhEBDvwHXMsGU6l/C+c23XQ72x7qNL9AUyjM4DmM:v0zl6wYWKBDoH8sFMnc2AhNL9imM

Behavioral task: behavioral1
Sample: R B X D 2 5/Client.exe
Resource: win10v2004-20240709-en

Behavioral task: behavioral2
Sample: R B X D 2 5/Roblox Executor.exe
Resource: win10v2004-20240709-en

Malware Config
Extracted: redline
185.196.9.26:6302

Targets

Target: R B X D 2 5/Client.config
Size: 33.0MB
MD5: 157bca5bfbab154797fbbe947946084f
SHA1: 280096391abd2ea592198d205b6e44cdd2408121
SHA256: f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946
SHA512: 5fbbaa59d4425779ecae554372a476414a60b70fe190ca408a0505b13064866d1576e6409e657d2933cd5922a053aacdf7c01b457b3385476dabfe1c46b5c1da
SSDEEP: 786432:BeCve2OlHAoFfgrh96BKMZvBx9ImCrWFi6:BejjlHAopI9xABx9ErWFi6
Score: 3/10

Target: R B X D 2 5/Roblox Executor.exe
Size: 617KB
MD5: 9714295e9923e34582c059579d65ae07
SHA1: c324b11f5b263557c02489000c5113c82642972e
SHA256: de99e2a1094f9c515a38650647a1c59d7ce944d0663da7ede1ac420c383ffb5b
SHA512: 644f66c4182451e12b4b0e57ce2e8f2a948a7a41bb1574da40bc77cf5f4e774970a00739040f4754fe7ae33fb6181b60685c9d22f9ef413a022724f2526b1322
SSDEEP: 12288:VazFFI6e+Td5sWHc1vSEQ0YC/W2b6QnZTxU/yqYKWar/X3ZUtxtMbB7FB4RxCHyF:+X7hDsWHcldb6QZzze

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext