General
-
Target
downloader.exe
-
Size
70.1MB
-
Sample
240821-nrm5cswela
-
MD5
5e05d6146e89de683e5b3326af472e77
-
SHA1
3ec63ddf55850c5e0611179fcfdbccd46dfdf265
-
SHA256
7b55b49207f0dac3eca563a9e18fbda0f73e71d050c982882889ebe1c3e1e5d5
-
SHA512
7f9d2753f05c118db71ddf23ef44eb62b8e3e16f151dab0350cab633448aab7ce1ed406b3cae7d6ccffd276fad53e5f76c35ee8984d2f3cf982fd683a607f574
-
SSDEEP
393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qRsGg4GUo3NX:lWoI7zGP5ahWc3Im5
Static task
static1
Behavioral task
behavioral1
Sample
downloader.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
downloader.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
cs
194.49.68.19:4483
Targets
-
-
Target
downloader.exe
-
Size
70.1MB
-
MD5
5e05d6146e89de683e5b3326af472e77
-
SHA1
3ec63ddf55850c5e0611179fcfdbccd46dfdf265
-
SHA256
7b55b49207f0dac3eca563a9e18fbda0f73e71d050c982882889ebe1c3e1e5d5
-
SHA512
7f9d2753f05c118db71ddf23ef44eb62b8e3e16f151dab0350cab633448aab7ce1ed406b3cae7d6ccffd276fad53e5f76c35ee8984d2f3cf982fd683a607f574
-
SSDEEP
393216:lWxQN89qQk4adiJCuE2fUCdod+OvqKkZHzXhJ/KTe8uiBUtkc0k3qRsGg4GUo3NX:lWoI7zGP5ahWc3Im5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-