General

Target: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1
Size: 9KB
Sample: 241113-jtyaws1mbn
MD5: ba7d3bda1009e3900c1eca3d56aa8b4f
SHA1: 3393a8485928315b58def904ccfb342ae1b30bdf
SHA256: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1
SHA512: 32372dc77849996cdd4e008d9ce8e3116417461c4b6f2755c99f9dd984420ad243c7e21470af342aeb06e32795e4f60dab1587ae1e9c40a59568b7115826b634
SSDEEP: 96:z3Oza/sBjQ83+lzRUMDjhb/UVpPZ40pW3WNtW1jYcFKNVcz1W4oKYMsLYUa:qz7BjH+ZDDdDUVpPdE8stYcFwVc03KY
Static task: static1

Behavioral task: behavioral1
Sample: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1.exe
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1
Size: 9KB
MD5: ba7d3bda1009e3900c1eca3d56aa8b4f
SHA1: 3393a8485928315b58def904ccfb342ae1b30bdf
SHA256: 602a6a9693cdc77d1576ea6da66fd56e77c87a89ecef0d39b44563b93f8cc6b1
SHA512: 32372dc77849996cdd4e008d9ce8e3116417461c4b6f2755c99f9dd984420ad243c7e21470af342aeb06e32795e4f60dab1587ae1e9c40a59568b7115826b634
SSDEEP: 96:z3Oza/sBjQ83+lzRUMDjhb/UVpPZ40pW3WNtW1jYcFKNVcz1W4oKYMsLYUa:qz7BjH+ZDDdDUVpPdE8stYcFwVc03KY
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
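The PowerShell signature above describes the dropper adding Defender exclusions before it runs its payload. The detection logic below is an added example, not part of the sandbox report or the RedLine sample: it scans constructed process-creation log lines for Add-MpPreference / Set-MpPreference calls carrying exclusion or protection-disabling parameters, resolves PowerShell's abbreviated parameter names the way the interpreter does, and unwraps -EncodedCommand payloads, which droppers commonly use to hide the same call. The pid=/image=/cmdline= log format and every sample line are constructed for this example; the cmdlet and parameter names are the real Microsoft Defender ones.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Real Add-/Set-MpPreference parameter names (lower-cased). The first group
# carves out exclusions, the second switches protection features off.
EXCLUSION_PARAMS = ("exclusionpath", "exclusionextension",
                    "exclusionprocess", "exclusionipaddress")
DISABLE_PARAMS = ("disablerealtimemonitoring", "disablebehaviormonitoring",
                  "disableioavprotection", "disablescriptscanning")
KNOWN_PARAMS = EXCLUSION_PARAMS + DISABLE_PARAMS

CMDLET_RE = re.compile(r"\b(?:add|set)-mppreference\b", re.IGNORECASE)
PARAM_RE = re.compile(r"-([A-Za-z]+)")
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
# Constructed log format for this example: one process-creation event per line.
LOG_RE = re.compile(r"^pid=(\d+)\s+image=(\S+)\s+cmdline=(.*)$")


@dataclass
class Finding:
    pid: int
    cmdlet: str
    params: List[str] = field(default_factory=list)
    encoded: bool = False   # True if the call was hidden in -EncodedCommand


def expand_param(name: str) -> Optional[str]:
    """Resolve a parameter name the way PowerShell does: exact match, or an
    unambiguous prefix of a known parameter (-ExclusionE -> ExclusionExtension;
    -ExclusionP is ambiguous, would error in PowerShell, so it is not a hit)."""
    name = name.lower()
    if name in KNOWN_PARAMS:
        return name
    hits = [p for p in KNOWN_PARAMS if p.startswith(name)]
    return hits[0] if len(hits) == 1 else None


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the script carried by -EncodedCommand (or any prefix of it such
    as -enc / -ec / -e), else None. PowerShell expects base64 of UTF-16LE."""
    tokens = cmdline.split()
    for i in range(len(tokens) - 1):
        tok = tokens[i]
        name = tok[1:].lower()
        if tok[0] in "-/" and name and "encodedcommand".startswith(name):
            blob = tokens[i + 1].strip("'\"")
            if not B64_RE.match(blob):
                return None
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def scan_cmdline(pid: int, cmdline: str) -> Optional[Finding]:
    """Flag a command line whose script (plain or base64-wrapped) calls
    Add-/Set-MpPreference with an exclusion or protection-disabling parameter."""
    script = decode_encoded_command(cmdline)
    encoded = script is not None
    if not encoded:
        script = cmdline
    m = CMDLET_RE.search(script)
    if not m:
        return None
    params: List[str] = []
    for pm in PARAM_RE.finditer(script, m.end()):   # only look after the cmdlet
        full = expand_param(pm.group(1))
        if full and full not in params:
            params.append(full)
    if not params:
        return None   # e.g. Set-MpPreference -ScanScheduleDay: a config change, not tampering
    return Finding(pid=pid, cmdlet=m.group(0), params=params, encoded=encoded)


def scan_logs(lines: List[str]) -> List[Finding]:
    """Run scan_cmdline over process-creation records in the constructed format."""
    findings = []
    for line in lines:
        lm = LOG_RE.match(line)
        if lm:
            f = scan_cmdline(int(lm.group(1)), lm.group(3))
            if f:
                findings.append(f)
    return findings


# Constructed sample events (not from the sandbox run). A real log would carry
# the base64 blob literally; it is built here so the script is self-contained.
ENC_BLOB = base64.b64encode(
    "Add-MpPreference -ExclusionProcess 'conhost.exe'".encode("utf-16-le")).decode("ascii")
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_LOGS = [
    rf"pid=4120 image={PS} cmdline=powershell -NoProfile -WindowStyle Hidden -Command Add-MpPreference -ExclusionPath 'C:\Users\Public' -ExclusionExtension '.exe'",
    rf"pid=4188 image={PS} cmdline=powershell Set-MpPreference -ExclusionProcess 'update.exe' -DisableRealtimeMonitoring $true",
    rf"pid=4201 image={PS} cmdline=powershell -nop -w hidden -enc {ENC_BLOB}",
    rf"pid=5000 image={PS} cmdline=powershell Get-MpPreference",
    r"pid=5012 image=C:\Windows\explorer.exe cmdline=explorer.exe",
    rf"pid=5020 image={PS} cmdline=powershell Set-MpPreference -ScanScheduleDay 2",
]

if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        how = "encoded" if f.encoded else "plain"
        print(f"pid {f.pid}: {f.cmdlet} ({how}) -> {', '.join(f.params)}")
```

Set-MpPreference changes to unrelated settings (the ScanScheduleDay line) are deliberately not flagged so the alert stays tied to the tampering the signature describes. In production, feed it Sysmon Event ID 1 or Security 4688 command lines; PowerShell 4104 script-block logs already contain the decoded script, so the base64 unwrapping matters only for command-line sources.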