General
-
Target
EхеًcВ.zip
-
Size
57.6MB
-
Sample
241003-xlk79avcnc
-
MD5
8d7edf2d2ec128f4198831296298e2ac
-
SHA1
a9d8bbece3c00ed494a4f2721d97161928583928
-
SHA256
eec59d87a1e08a1d8a83b54601b11f3874af9e057fba5058c0a405fb4b9c9199
-
SHA512
89068fadb47f3020edaccc5346bf6cfebe3ad413225f6b9c8f3ac760b2ffb79ac2882a4525d7af8d288930c3ec67faee0632220f6633e6c770e3b6a03e73cb37
-
SSDEEP
786432:6i4oj4a4qbntFPF5J7aMB6EXSIxiDfqNi/7YHJ0yXcBFVNlywQm1M8KIA2SvT9/:6i5Ea4InbF5J7aMB6EXujYT6FXdABT9/
Behavioral task
behavioral1
Sample
Executor/ExecutorApp.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Executor/ExecutorApp.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Executor/bin/api.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Executor/bin/api.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Executor/ExecutorApp.exe
-
Size
476KB
-
MD5
6c75431164805ceb3735c156fb68d4ab
-
SHA1
d19e6dfa23838dfff308916547a650cbf8914067
-
SHA256
e981c6c9fe8457469ed05b9f71eea42c43abbfb47e88eed62ca67e1afe00cc99
-
SHA512
61698bb81f539484b4057ad324d449a681aaf1123b5bc8372063d9cf0ce7c6ffa8cd97a07f97bdde19ad9b3c92502788b77d8d4ebc3d7b7ff0451c4b96778187
-
SSDEEP
12288:OqhpqKibqetPAuXIzOuCTy0Gkks+NbBGAb9TDPK:j0uURXUxCeo+T7K
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
Executor/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -