General
-
Target
rRFQ-AlNASR-00388.exe
-
Size
1.2MB
-
Sample
240911-y292zs1bnm
-
MD5
3061698f92d9687f0db272a011b7233a
-
SHA1
c978701c0f44c0b6786db78260c4cbe7c26119b0
-
SHA256
48c08ffb5d775cc658f104dc91f823ba5f718efa9baa0938f070f1b3f6941d77
-
SHA512
b49bf3de441f1866a833330e8470c5ec0a47181ccac6d18743a1904b1f75515d7d8eb82324a91af61a5bf43ed42d49ef6fd4a8d11c2e586c14c0b096e36042b0
-
SSDEEP
12288:xiGaMjooOgsixdY7ck4nZ2yGcPAk8drp5FF:LP5xdHJ2qVirXFF
Static task
static1
Behavioral task
behavioral1
Sample
rRFQ-AlNASR-00388.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
rRFQ-AlNASR-00388.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
lovato
57.128.132.216:55123
Targets
-
-
Target
rRFQ-AlNASR-00388.exe
-
Size
1.2MB
-
MD5
3061698f92d9687f0db272a011b7233a
-
SHA1
c978701c0f44c0b6786db78260c4cbe7c26119b0
-
SHA256
48c08ffb5d775cc658f104dc91f823ba5f718efa9baa0938f070f1b3f6941d77
-
SHA512
b49bf3de441f1866a833330e8470c5ec0a47181ccac6d18743a1904b1f75515d7d8eb82324a91af61a5bf43ed42d49ef6fd4a8d11c2e586c14c0b096e36042b0
-
SSDEEP
12288:xiGaMjooOgsixdY7ck4nZ2yGcPAk8drp5FF:LP5xdHJ2qVirXFF
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-