General
-
Target
E.zip
-
Size
57.6MB
-
Sample
241004-tcykfashjq
-
MD5
062d29a791e6ee5b118c32f83d025213
-
SHA1
e42c314b782384e8428e3ef3e30e046e9da8e693
-
SHA256
fcd4205b407e5dafccebf1f53be7023056ffee9f1d6380eb43e82b7119fc05f4
-
SHA512
4a67645ba30ab240fce28ad099a05a98ac0db289145d701d7184cf329ccfb3861351af6f4cc78915732ded17b4c6462520c188a6e0b29cdd368aed769519d573
-
SSDEEP
786432:oxSIvxuUjH2SaFztjDSDG4HymTb6YSwe7SswcGgc1h4xhJGwGSrrwDT2qEBQxfjC:o0yuU72jzlDsGyfSpOei4xhnr0XLj/z+
Behavioral task
behavioral1
Sample
Executor/Bootstrapper V2.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Executor/Bootstrapper V2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Executor/bin/api.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Executor/bin/api.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
redline
185.196.9.26:6302
Targets
-
-
Target
Executor/Bootstrapper V2.exe
-
Size
466KB
-
MD5
837c14fb7f73b0615a0ed2c743a286de
-
SHA1
4e87fa2adb747455f5268ffe1a2ec5b320368bb6
-
SHA256
7b7581d94d895619107d50dc22d297ec2ff7d53d23041a7b8311705b745d3ee0
-
SHA512
702857f365c6f7b2a9a2701f003966de01ffd7fefd7a4687510637cfe7756cdbef8a3fe78f996a212c4f8edfcc3c50d2619b7ad6a21caf52573bdba2bb55858f
-
SSDEEP
6144:mmtTY7oS95edGkqFDaLNUvY25RVYZ4EZyfAiJ9Rt4aZdfqJm8dpjtM6cYQ0zi+WP:jTY7V/FWpUw25Ramd9UaHf3irlQpP
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-
-
-
Target
Executor/bin/api
-
Size
18.7MB
-
MD5
88fd7dbf04bcf75123d02009aea3f7f7
-
SHA1
cecf16bdad71e54afc941179ea2b7438a04efa1d
-
SHA256
01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
-
SHA512
2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
-
SSDEEP
393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score3/10 -