General
- Target: 3d19662ef649bd52895dedbbe8bf4e54fd2b667440fcb9a8baefb71f350eba31.exe
- Size: 2.3MB
- Sample: 241124-cl8nbsvmap
- MD5: 730a8f0e0a80be36bf9ba0e6cc839e77
- SHA1: ceefe9311b024144e5ea3af32b4f33a48f90fa2f
- SHA256: 3d19662ef649bd52895dedbbe8bf4e54fd2b667440fcb9a8baefb71f350eba31
- SHA512: c83849f9f8cf0407fbbe3f300660e907122f21bc3b554d1d372e2b408be3e9adb560e27b5fd8473abadb5bc8544a779f91d7437e1140cc1e8588773cc1a8c705
- SSDEEP: 49152:y4XP96ykubgOg0ETAVlCOZ2vz9/HQi+Ty5:l9jbghcCi2vzxwi+Ty
Static task: static1
Behavioral task: behavioral1
Sample: 3d19662ef649bd52895dedbbe8bf4e54fd2b667440fcb9a8baefb71f350eba31.exe
Resource: win7-20240903-en
Malware Config
Extracted
redline
iShop
venom.underground-cheat.com:1337
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- SectopRAT payload
- Sectoprat family
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext