General
-
Target
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe
-
Size
1.5MB
-
Sample
241216-m7d1ysxngz
-
MD5
885ce6288fc5b8553f8c58693423f850
-
SHA1
a46c0c6068b2b8bf94a71fce7c21a46a01c5c7c9
-
SHA256
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396b
-
SHA512
26e76bb0f8859d392ff4f1d8dce373f110c274293ca3dfb8e4bd19ff05f9d2b327640f0696fd1cea270f88d1840b0746f411eecd82bed884da2642d3e0489034
-
SSDEEP
24576:XAvoYumb9Vt9dzv5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:qD5LNiXicJFFRGNzj3
Static task
static1
Behavioral task
behavioral1
Sample
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
eewx
185.81.68.147:1912
Targets
-
-
Target
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe
-
Size
1.5MB
-
MD5
885ce6288fc5b8553f8c58693423f850
-
SHA1
a46c0c6068b2b8bf94a71fce7c21a46a01c5c7c9
-
SHA256
9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396b
-
SHA512
26e76bb0f8859d392ff4f1d8dce373f110c274293ca3dfb8e4bd19ff05f9d2b327640f0696fd1cea270f88d1840b0746f411eecd82bed884da2642d3e0489034
-
SSDEEP
24576:XAvoYumb9Vt9dzv5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:qD5LNiXicJFFRGNzj3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2