General
-
Target
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd
-
Size
2.1MB
-
Sample
240905-w58bfsxfmh
-
MD5
6a94b94ba557d5d85a1da20213d48974
-
SHA1
a311aa3a9243849b883867fa3d772e4c4e95d080
-
SHA256
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd
-
SHA512
a246f8f4341a144f4946179c518fea833dbec7e40c69023e10687f85d97c28e1851334f20260069c0d6500ecb859c2e2553b4492cda22c6145966bc893a54c74
-
SSDEEP
24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS
Static task
static1
Behavioral task
behavioral1
Sample
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral2
Sample
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd.exe
Resource
win11-20240802-en
Malware Config
Extracted
redline
deepweb
91.92.253.107:1334
Targets
-
-
Target
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd
-
Size
2.1MB
-
MD5
6a94b94ba557d5d85a1da20213d48974
-
SHA1
a311aa3a9243849b883867fa3d772e4c4e95d080
-
SHA256
e4a125aa374a939c07ee3172dd5cdb23990096efe7059e9d647f1eaadc32e3dd
-
SHA512
a246f8f4341a144f4946179c518fea833dbec7e40c69023e10687f85d97c28e1851334f20260069c0d6500ecb859c2e2553b4492cda22c6145966bc893a54c74
-
SSDEEP
24576:kik8FMmBmInQorsb2d4abb3+RaiHmd/on97e5oX5QOGXI+sYSkX:Xk8JB5nQYsbY4abb3j/onlGYAS
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-