General
-
Target
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870
-
Size
5.2MB
-
Sample
240726-zmbrbaterr
-
MD5
58bf1cdac6aca5bb6f971b881af861be
-
SHA1
989d167743501b0925aaf549cc89e9117e2dca5f
-
SHA256
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870
-
SHA512
d6911fa9219974f3ecce09cb1a7d02df27ee110a8330d9eb0b2b48cd095c96220ccd6d45baf906ad352a1ec3805c2447845dd0d1d5d90345e56b3e050449a914
-
SSDEEP
49152:tfF7lYqmJP4mcoXgcPM04KaorsyFlLs6yim720ldW:1F50
Static task
static1
Behavioral task
behavioral1
Sample
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870
-
Size
5.2MB
-
MD5
58bf1cdac6aca5bb6f971b881af861be
-
SHA1
989d167743501b0925aaf549cc89e9117e2dca5f
-
SHA256
3bbfae712b547bb5fcf41ef86495ce748c021e3eef8f814150720a638b496870
-
SHA512
d6911fa9219974f3ecce09cb1a7d02df27ee110a8330d9eb0b2b48cd095c96220ccd6d45baf906ad352a1ec3805c2447845dd0d1d5d90345e56b3e050449a914
-
SSDEEP
49152:tfF7lYqmJP4mcoXgcPM04KaorsyFlLs6yim720ldW:1F50
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1