General
Target: 7632e569071acc40bce87af592e4cc2476d9c088906a1e6651614860b4754bf8.exe
Size: 953KB
Sample: 240727-bxzdcs1ekc
MD5: 5223a85ff161e8818f0e514048051e7d
SHA1: 9574d384a9f3b449f64cf14a022df3c8c383e279
SHA256: 7632e569071acc40bce87af592e4cc2476d9c088906a1e6651614860b4754bf8
SHA512: a7860963ea26be9a3f41aea30bace94211bfe36d249062d1b91833a2675c4ddf7c60387bc0c167a484da4f228de382b8a0d054edafe49d59080452c601e8a950
SSDEEP: 24576:oXwOyoMvAJeqI8X6aGvX2T8NZrymq1I1bYSLsbUAYilGEADGKel:bFvAJeq7KmQ/rymq6YSLsbDdrqGKel
Static task: static1
Behavioral task: behavioral1
  Sample: 7632e569071acc40bce87af592e4cc2476d9c088906a1e6651614860b4754bf8.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 7632e569071acc40bce87af592e4cc2476d9c088906a1e6651614860b4754bf8.exe
  Resource: win10v2004-20240709-en
Malware Config
Extracted
  Family: redline
  Botnet: YT2
  C2: 45.140.147.183:12245
Targets
Target: 7632e569071acc40bce87af592e4cc2476d9c088906a1e6651614860b4754bf8.exe
Size and hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above.
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Credentials from Password Stores: Credentials from Web Browsers. Malicious access to, or copy of, a web browser credential store.
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates processes with tasklist
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)