General
-
Target
a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c.exe
-
Size
816KB
-
Sample
241203-dagk5swmex
-
MD5
a4fa8bbf123fa899ae788e1cf6b27d98
-
SHA1
e0866c961ba217c7a1dc4345cbade4d5f4deade4
-
SHA256
a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c
-
SHA512
3eab239a9792b32b975271f28f8dd66e10c9f42ab38dbbc610e0e68de647cbf44d1e36ced85a5f976dbb702e61e7f227d61eb138d0c6d8f5e4ccf541ee3b4c1e
-
SSDEEP
12288:0+YNQKbM0NWWUV8v4oX3ZcPc9crEee9jc8zeb8BXw/ORnNyAd1n2l5usx+Xt7:0+QfWagwp9cbe28zeY4ORgrx
Static task
static1
Behavioral task
behavioral1
Sample
a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c.exe
Resource
win7-20240903-en
Malware Config
Extracted
redline
LOGS
87.120.120.86:1912
Targets
-
-
Target
a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c.exe
-
Size
816KB
-
MD5
a4fa8bbf123fa899ae788e1cf6b27d98
-
SHA1
e0866c961ba217c7a1dc4345cbade4d5f4deade4
-
SHA256
a16fd6417221b9f760ee7417a78751d6621726e8d76ab8e82954596c8e99d79c
-
SHA512
3eab239a9792b32b975271f28f8dd66e10c9f42ab38dbbc610e0e68de647cbf44d1e36ced85a5f976dbb702e61e7f227d61eb138d0c6d8f5e4ccf541ee3b4c1e
-
SSDEEP
12288:0+YNQKbM0NWWUV8v4oX3ZcPc9crEee9jc8zeb8BXw/ORnNyAd1n2l5usx+Xt7:0+QfWagwp9cbe28zeY4ORgrx
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-