General
-
Target
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13.exe
-
Size
1010KB
-
Sample
240806-lsqwjazdrd
-
MD5
a7656d5acb194230798f204f28d9c0ff
-
SHA1
c45aed42a29aae84ae31420e3dca54923c22b096
-
SHA256
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13
-
SHA512
84656f8b7c681407c7450de20f147d34049cd6529247f3831dfda633a05d41e9152726eba6989967237b30ec5291acba32e8b0cb50938738a78b1dd7eb61425d
-
SSDEEP
12288:fDwmWzRWrLZD5NzZxi0JT+V7MFAtMl6ow5hSqG:fNKyV15Zxi1AAMW+qG
Static task
static1
Behavioral task
behavioral1
Sample
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
lovato
57.128.132.216:55123
Targets
-
-
Target
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13.exe
-
Size
1010KB
-
MD5
a7656d5acb194230798f204f28d9c0ff
-
SHA1
c45aed42a29aae84ae31420e3dca54923c22b096
-
SHA256
3587f9b746ddb1588d27ff194157c4c9a82c38f171b6ce579c6972caa298ca13
-
SHA512
84656f8b7c681407c7450de20f147d34049cd6529247f3831dfda633a05d41e9152726eba6989967237b30ec5291acba32e8b0cb50938738a78b1dd7eb61425d
-
SSDEEP
12288:fDwmWzRWrLZD5NzZxi0JT+V7MFAtMl6ow5hSqG:fNKyV15Zxi1AAMW+qG
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-