General
Target: OpeًnMе.zip (the filename contains non-ASCII look-alike characters, so hunt for this archive by hash rather than by name)
Size: 57.4MB
Sample: 240930-hq9n3swcrf
MD5: 5e7692a27a15badbe3513d31976a2151
SHA1: 1381e5a5c6da879d28f68dffca8e11f991b91320
SHA256: 0b9497c2f81bdb66199a06ac5c5a6859d4ed457d459711ee719ad768b49868ae
SHA512: c71d54075aba823494583fe30b9da20c382e8300331cc5bdb813d1cf9eb221b7caf414b03d0d4be99fd5655a332cc3d5e1e496daf1f78a884353e762c83b8d09
SSDEEP: 1572864:0NLTO8mrwOfKWQPvmu85Gir/5O9pT7Vr8xM7/wac:iTOzUPv00SqOxMTwh
Behavioral task: behavioral1
Sample: Bootstrapper.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted (redline): C2 185.196.9.26:6302
Targets
Target: Bootstrapper.exe
Size: 284KB
MD5: fa1c1fcc619721d1893c63202d50f8ba
SHA1: 767dc9467114561897c2bbf64f5ed277bc29ae10
SHA256: e35d3e27246802dedb9608a7a8bacf385282e66601b8a80ce3c703a5c234f934
SHA512: 9b46194bb04d094bed5ace8e46145877d4ddad85297861bc2a41e5a8ee094eb410641f8f3238e7bdd6d6289ab3dfbb4a542806579b1ac4f8630bcf9861c2f5bb
SSDEEP: 6144:wxUXj6jSRtoAHuIk5+XihRBD/u59nOik6midiUgxL:wxvjeH5k5yqPqTOb63iUgxL
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (a Win32 API commonly used for thread hijacking and process hollowing; read it together with the dropped-DLL load when reconstructing the injection chain)
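An offline triage helper built from the indicators in this report, added here as an example (it is not part of the Triage report and not code from the sample): it hashes files with all four algorithms the report lists and matches them against the archive and Bootstrapper.exe digests above, lists the non-ASCII code points in the archive name, and classifies constructed flow-log lines against the extracted RedLine address. The "archive"/"Bootstrapper.exe" labels, the SAMPLE_FLOWS lines, the flow-line format and the exact code points assumed for the archive name are assumptions of this example.

```python
# Added example (not part of the Triage report above): an offline IOC sweep
# built from the indicators the report lists. File paths, flow-log lines and
# the exact code points of the archive name are constructed/assumed here.
import hashlib
import re
import sys
import unicodedata
from pathlib import Path

# Hashes copied from the report, keyed by algorithm -> digest -> artefact.
REPORT_HASHES = {
    "md5": {
        "5e7692a27a15badbe3513d31976a2151": "archive",
        "fa1c1fcc619721d1893c63202d50f8ba": "Bootstrapper.exe",
    },
    "sha1": {
        "1381e5a5c6da879d28f68dffca8e11f991b91320": "archive",
        "767dc9467114561897c2bbf64f5ed277bc29ae10": "Bootstrapper.exe",
    },
    "sha256": {
        "0b9497c2f81bdb66199a06ac5c5a6859d4ed457d459711ee719ad768b49868ae": "archive",
        "e35d3e27246802dedb9608a7a8bacf385282e66601b8a80ce3c703a5c234f934": "Bootstrapper.exe",
    },
    "sha512": {
        "c71d54075aba823494583fe30b9da20c382e8300331cc5bdb813d1cf9eb221b7caf414b03d0d4be99fd5655a332cc3d5e1e496daf1f78a884353e762c83b8d09": "archive",
        "9b46194bb04d094bed5ace8e46145877d4ddad85297861bc2a41e5a8ee094eb410641f8f3238e7bdd6d6289ab3dfbb4a542806579b1ac4f8630bcf9861c2f5bb": "Bootstrapper.exe",
    },
}
# Extracted RedLine configuration address from the report (host, port).
C2_HOST, C2_PORT = "185.196.9.26", 6302
# Assumed code points of the report's archive name "OpeًnMе.zip": the two
# non-ASCII characters appear to be U+064B (Arabic) and U+0435 (Cyrillic).
ARCHIVE_NAME = "Ope\u064bnM\u0435.zip"
ALGOS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data):
    """Digest one in-memory buffer with every algorithm the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path):
    """Stream a file through all four hashers at once (a single read pass)."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_hashes(digests):
    """Sorted names of report artefacts whose digest equals a computed one."""
    hits = set()
    for algo, digest in digests.items():
        name = REPORT_HASHES.get(algo, {}).get(digest.lower())
        if name:
            hits.add(name)
    return sorted(hits)


def non_ascii_chars(name):
    """(U+XXXX, Unicode name) for every non-ASCII character in a filename.
    A Latin-looking name carrying Arabic or Cyrillic code points is a
    homoglyph lure worth flagging before anyone double-clicks it."""
    return [(f"U+{ord(c):04X}", unicodedata.name(c, "UNKNOWN"))
            for c in name if ord(c) > 0x7F]


# Assumed flow-line shape: "... src:port -> dst:port ...".
FLOW_RE = re.compile(r"->\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def classify_flows(lines):
    """Split flow lines into exact C2 hits (host and port) and same-host hits.
    Same-host, different-port flows are weaker evidence (shared hosting) but
    still deserve a second look."""
    hits = {"exact": [], "same_host": []}
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue
        ip, port = m.group("ip"), int(m.group("port"))
        if ip == C2_HOST and port == C2_PORT:
            hits["exact"].append(line)
        elif ip == C2_HOST:
            hits["same_host"].append(line)
    return hits


# Constructed flow-log lines for a stand-alone run; not from the report.
SAMPLE_FLOWS = [
    "2024-09-30T09:58:12Z TCP 10.0.0.5:51234 -> 185.196.9.26:6302 SYN",
    "2024-09-30T09:58:13Z TCP 10.0.0.5:51235 -> 185.196.9.26:443 SYN",
    "2024-09-30T09:58:14Z TCP 10.0.0.5:51236 -> 93.184.216.34:443 SYN",
]

if __name__ == "__main__":
    for p in map(Path, sys.argv[1:]):
        print(p, match_hashes(hash_file(p)) or "no hash match",
              non_ascii_chars(p.name) or "ASCII name")
    print("archive name code points:", non_ascii_chars(ARCHIVE_NAME))
    print("C2 flows:", classify_flows(SAMPLE_FLOWS))
```

Run it as `python sweep.py <files...>` to hash suspect files against the report; the hash match is case-insensitive so digests pasted from other tools still match, and the flow classifier keeps same-host hits separate from exact host:port hits so they can be triaged with a different priority.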