General
Target: 54c1096830b67cf30a00bc70736d1a0d331d75ad5a2c6f15415108c51e22f744
Size: 451KB
Sample: 240906-mngbza1fpj
MD5: be932aa28d7a18ff0495a8c6846ff87b
SHA1: df8e63e701449eba08d9da77578a3caa02566752
SHA256: 54c1096830b67cf30a00bc70736d1a0d331d75ad5a2c6f15415108c51e22f744
SHA512: a5d4a2ea89adaae54af3da71d18ae5604abca2b503994e2c49141cba0212c169dee6e5bfc2a8be3a7f534124532e46d0933986fda3682f7dcd51c19b138ad644
SSDEEP: 12288:cjUTf6Kz0EE9fIhLvkggI/Y9UHD/Eqw3iBONo6zk:cjUTiKlE90km/Y9UjcDoAk

Static task
static1

Behavioral task
behavioral1
Sample: RFQ-Al NASR-00388.exe
Resource: win7-20240903-en

Behavioral task
behavioral2
Sample: RFQ-Al NASR-00388.exe
Resource: win10v2004-20240802-en

Malware Config
Extracted
redline
lovato
57.128.132.216:55123

Targets
Target: RFQ-Al NASR-00388.exe
Size: 1.2MB
MD5: 3061698f92d9687f0db272a011b7233a
SHA1: c978701c0f44c0b6786db78260c4cbe7c26119b0
SHA256: 48c08ffb5d775cc658f104dc91f823ba5f718efa9baa0938f070f1b3f6941d77
SHA512: b49bf3de441f1866a833330e8470c5ec0a47181ccac6d18743a1904b1f75515d7d8eb82324a91af61a5bf43ed42d49ef6fd4a8d11c2e586c14c0b096e36042b0
SSDEEP: 12288:xiGaMjooOgsixdY7ck4nZ2yGcPAk8drp5FF:LP5xdHJ2qVirXFF

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext