General
-
Target
EхеًсOnyх.zip
-
Size
57.6MB
-
Sample
241004-et8peatfjm
-
MD5
fef0e526f5ee5a59847efb481996970c
-
SHA1
b3589b512862d806d5fb9b6917ccbb9347e2f107
-
SHA256
717073b4501702731a8678f3eedec0e84f65b683361f8dad42120a0c0cfca5b4
-
SHA512
0923f568addc5fc27bf5022325c91dfeebe5c24e15013b189226b0f47f3d4ae66e5a9ef674c67f0f7b25aa5bfe58179f0dc6c73bd904e9b1062a4ceecb7cd818
-
SSDEEP
1572864:sTkJLf/DKDW/NVUXnuBg13wMMGsEeliqoZ9PJauY5Fsu46Bqhom:GkJLf/uDWYnuWR/MGiU7PJabsu4Ygf
Behavioral task
behavioral1
Sample
Executor/Bootstrapper.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
Executor/locales/bin/api.dll
Resource
win11-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Executor/Bootstrapper.exe
-
Size
475KB
-
MD5
809df7bdcbe2e43c79bc6d5086d0cf1c
-
SHA1
8e5c47578f5878b884527d81224c462552295bf5
-
SHA256
587ac3e3c59185401cb434cae1928b1e6a8f9a9622c4d85bebf355ec9ccf0222
-
SHA512
04cc427843747e054ddf20e80704d0ae54a08c8b5601a179ee2839ffaa8969732440312a8b2a2b32823aa0d09e16db4dfe461ceaf904e75dae54c7712d963e17
-
SSDEEP
12288:6dw11T2MC0jU7ppuIUwWcgbty5YWm6wPldEpr2WPVEO:Yoa0gBlzVt
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
Executor/locales/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -