General
- Target: bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f.exe
- Size: 2.2MB
- Sample: 240818-nccp3s1dke
- MD5: 28da65bb6b3dd33f53235b6ff67d6d89
- SHA1: f3ff50dcb640b58ab824b2de80c9c5721ed0fe9f
- SHA256: bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f
- SHA512: a887a6e72f6556d350da084e0b71fe5b822cb7f057469bcc2b11c581cc182688a8f783fc5de600f16c6d7682ecde4659fb662162d76979303eb3e8432ed50e94
- SSDEEP: 49152:DrasJSuxF9rdUbJ2wMt7QjKuBQucLPSVd1JScFptNYUy3/R1Xy9:DxD6vpw+YUS/R1i9
Static task: static1
Behavioral task: behavioral1
- Sample: bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f.exe
- Resource: win7-20240729-en
Malware Config
- Extracted: redline
- Newest: 77.90.44.31:65012
Targets
- Target: bd9c7fc40fa376b53d23750021bc645ade1e4215a1265b1fc50665b01562b12f.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers (malicious access or copy of the web browser credential store)
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
- Defense Evasion
  - Abuse Elevation Control Mechanism (1)
    - Bypass User Account Control (1)
  - Impair Defenses (1)
    - Disable or Modify Tools (1)
  - Modify Registry (2)
- Credential Access
  - Credentials from Password Stores (1)
    - Credentials from Web Browsers (1)
  - Unsecured Credentials (1)
    - Credentials In Files (1)