General
-
Target
SlًrB.zip
-
Size
57.4MB
-
Sample
240924-rhh1tsybjn
-
MD5
bd28476b616cef4369dcfb6867cf4eed
-
SHA1
a2dbed4f26e155088446d09af05c0203665e6172
-
SHA256
fe83e6c5e16257f9c211e7f35c3acf6506e8113745bcb638f100fb29092d41a0
-
SHA512
3dd5c5f2ae275ada3d1cd75f7bec479d8bd05ea1924eba8d9d38e125276a2ce1076224aa164c015cf858050adb4fd8de21d2425cbca4e79666900a59887eb0a0
-
SSDEEP
1572864:UTmjWt3krAcyB728tyQ+juzribmSIVE8WhMJWM:UuWt3KAdl20y7K+bmSjCd
Behavioral task
behavioral1
Sample
Solara/SolaraV3.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Solara/bin/api.dll
Resource
win10-20240404-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Solara/SolaraV3.exe
-
Size
310KB
-
MD5
e83a688cb90dfaaa5ae7d4226f963158
-
SHA1
f636c9c64b3b9461325927d061b654e6c351412d
-
SHA256
d26fddd0cbea1ad4be94d9295b0d13320c516c1d203ee0c2a364db0101c3442b
-
SHA512
279288c4ceb7ee4c20d669dbed6759f35c257a0e19e65944288bf6181b9f61862ab7a0434f4fb5909a359628f45aa0f69dc0ba5d176b0db4af08476961fc1554
-
SSDEEP
6144:ujs3XFLsDLRhQWI0KGEce5SpqD9sRAfYpV0n6+39Wpg:u431QDLXZI0K1D5OMy8Gx+t
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
Solara/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -