General
-
Target
devًexec.zip
-
Size
57.4MB
-
Sample
240929-m7bwlavdrc
-
MD5
c05b7d9d580d38dbdcd621c982c57357
-
SHA1
3d5650f018436d67b2a52da38e7828bbf4a020f8
-
SHA256
8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6
-
SHA512
3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef
-
SSDEEP
1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l
Behavioral task
behavioral1
Sample
Bootstrapper 1.07.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Bootstrapper 1.07.exe
-
Size
310KB
-
MD5
66e2659120cbf66a1d60e63e76c941d6
-
SHA1
d38f3933adb3e70a4f4878fd9388d1f6941981dc
-
SHA256
816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378
-
SHA512
734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2
-
SSDEEP
6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2