General
- Target: 59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867
- Size: 9KB
- Sample: 241113-pfevaa1hlh
- MD5: 48cadb488b71589cb626e4fbfb084deb
- SHA1: 44f36d618ce18ec81d49f820d4552fe038f0e141
- SHA256: 59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867
- SHA512: 31e85d6ac569fced5cf2d66c20c6a9d05c0a208c573005bd4597bad31f1f6d2aa63bcbc03cf169280c04952a5ee59c5b14e9e9b45592334310f52bcc5fc7c134
- SSDEEP: 192:YFqPom6B+9T9DLD9VpD2pE8stYcFwVc03KY:kqPz6B+9T1X9VIpEptYcFwVc03K
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867.exe
  - Resource: win7-20240903-en
Behavioral task
- behavioral2
  - Sample: 59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867.exe
  - Resource: win10v2004-20241007-en
Malware Config
Targets
- Target: 59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867 (size and hashes as listed under General)
- Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext