General

Target: client (123).rar
Size: 563KB
Sample: 241003-wrglksyhjk
MD5: 2c362898a559baa5f9dc529fd52347df
SHA1: 4cadfe7bfca41e5eed7e139441087a460fdd23d2
SHA256: 66869eb13eb86da59ca5f6956e24a15608ece60e1c497fa8e0f57b4f55e868aa
SHA512: 60576f61e13aa98e82bb957ee832a9c7f8e1d6a90b8f139675d5aa00e50023fce40b55e6db41c7e9e763ce4c3bef5938f7296663f12e18501a377e43acea84fe
SSDEEP: 12288:xtx00ONR2iCF+tGozbAq/0oa9vSmo0sV64EzmajUZQjDsP+IVFL9/r+wTA:xb0PsiCot/r0RxSmzM6pjDsP+ALlrvA
Static task: static1

Behavioral task: behavioral1
  Sample: client.exe
  Resource: win10-20240404-en

Behavioral task: behavioral2
  Sample: client.exe
  Resource: win7-20240903-en
Malware Config

Extracted
  Family: redline
  Botnet: cheat123
  C2: 194.11.246.68:45946
Targets

Target: client.exe
Size: 1003KB
MD5: 7fcb9c36578d29b08c6d43252bff9823
SHA1: b0348c70c402e1901f0b683cae55afa93952d4b2
SHA256: 96b6a2b45c02a74e5dcfd0b867fd3481f79d81510a9d15da8461291b468db484
SHA512: 6fac07edf55898b419ba73a2723fa547fcc75d9480dc22d0a67e407e71746ad16cd31e1c3b834ad9c06d789f047d57d4986c84b1b963727763e4128808bb299c
SSDEEP: 12288:r6Yo3OpHnvQoS7uwXMox9rqKiZDhYkS07bRKu0ZATyMw57+xvoKikpslraAD:Wz3MHn4o7wXZx9rQS0/QWziZaAD
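The hashes and the extracted C2 endpoint above are the indicators most practitioners will actually sweep for. The following is an added example (not part of the sandbox report) that turns them into a small matcher: it loads the report's MD5/SHA1/SHA256 values and the C2 IP:port, scans log lines for either, and can hash a file's bytes for comparison. The log lines in SAMPLE_LOGS are constructed for the demonstration and do not come from the sandbox run; the Sysmon/proxy/netflow layouts are assumed, so adapt the two regexes to your own log format.

```python
"""IOC matcher for the RedLine sample described in this report.

Added example, not part of the sandbox report. Hash and C2 values are
copied from the report; the log lines below are constructed for the demo.
"""
import hashlib
import re
from collections import namedtuple

# Indicators from the report: the archive (client (123).rar) and client.exe.
KNOWN_HASHES = {
    "2c362898a559baa5f9dc529fd52347df",                                  # MD5, rar
    "4cadfe7bfca41e5eed7e139441087a460fdd23d2",                          # SHA1, rar
    "66869eb13eb86da59ca5f6956e24a15608ece60e1c497fa8e0f57b4f55e868aa",  # SHA256, rar
    "7fcb9c36578d29b08c6d43252bff9823",                                  # MD5, client.exe
    "b0348c70c402e1901f0b683cae55afa93952d4b2",                          # SHA1, client.exe
    "96b6a2b45c02a74e5dcfd0b867fd3481f79d81510a9d15da8461291b468db484",  # SHA256, client.exe
}
C2_HOST, C2_PORT = "194.11.246.68", 45946

Hit = namedtuple("Hit", "line_no kind value")

# Hex runs of MD5/SHA1/SHA256 length. The word boundaries stop a 64-char
# digest from also matching as its first 32 characters.
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,64}\b")
# IPv4 endpoint written as "ip:port" (proxy style) or "ip port" (netflow style).
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})[: ](\d{1,5})\b")


def scan_line(line_no, line):
    """Return every known hash or C2 endpoint found in one log line."""
    hits = []
    for m in HEX_RE.finditer(line):
        digest = m.group(0).lower()          # Sysmon logs hashes in upper case
        if len(digest) in (32, 40, 64) and digest in KNOWN_HASHES:
            hits.append(Hit(line_no, "hash", digest))
    for m in ENDPOINT_RE.finditer(line):
        # Match host AND port: the same IP on another port is not this C2.
        if m.group(1) == C2_HOST and int(m.group(2)) == C2_PORT:
            hits.append(Hit(line_no, "c2", f"{C2_HOST}:{C2_PORT}"))
    return hits


def scan_logs(lines):
    """Scan an iterable of log lines; returns hits in line order."""
    hits = []
    for n, line in enumerate(lines, 1):
        hits.extend(scan_line(n, line))
    return hits


def digests(data):
    """MD5/SHA1/SHA256 of a byte string, ready to compare with KNOWN_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def is_known_sample(data):
    """True if any digest of the bytes appears in the report's hash list."""
    return any(d in KNOWN_HASHES for d in digests(data).values())


# Constructed sample log lines (assumed layouts, not taken from the report).
SAMPLE_LOGS = [
    "2024-10-03T12:01:05Z sysmon EventID=1 Image=C:\\Users\\u\\Downloads\\client.exe "
    "Hashes=MD5=7FCB9C36578D29B08C6D43252BFF9823,"
    "SHA256=96B6A2B45C02A74E5DCFD0B867FD3481F79D81510A9D15DA8461291B468DB484",
    "2024-10-03T12:01:07Z proxy CONNECT 194.11.246.68:45946 user=u status=200",
    "2024-10-03T12:01:08Z netflow 10.0.0.5 51234 -> 194.11.246.68 45946 proto=6 bytes=1843",
    "2024-10-03T12:02:00Z proxy CONNECT 194.11.246.68:443 user=u status=200",  # other port: no hit
    "2024-10-03T12:03:00Z sysmon EventID=1 Image=C:\\Windows\\notepad.exe Hashes=SHA256=" + "0" * 64,
]

if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.value}")
```

Run as a script it reports the two hash hits on the Sysmon line and the C2 hits on the proxy and netflow lines; the same-host, different-port line is deliberately not flagged, which is the check worth keeping when you feed this real logs. SHA512 and SSDEEP are left out of KNOWN_HASHES because most log sources do not carry them; compare SSDEEP separately with the ssdeep tooling if you want fuzzy matches on repacked builds.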
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures matched:
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: commonly seen when a payload is injected into a suspended process and its thread context is rewritten to start at the injected code (process hollowing), so expect the stealer logic to run in a process other than client.exe.