General
  Target:  695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe
  Size:    305KB
  Sample:  241219-cm7gnatkcr
  MD5:     5c7855655e383cbece176af24670d919
  SHA1:    655f0da6d7cd060a8998bd332fb6014893baeb2a
  SHA256:  695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36
  SHA512:  fb77b0b2e1e11f90df7725e93d8516325f682953c7c22fbbc9786b5b2b5131952f6f9c8f7354078af45ecd53ee84a5c2c988637ad5540b95c91e1d0f94a1f108
  SSDEEP:  6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4
Tasks
  Static task:      static1
  Behavioral task:  behavioral1 (sample: 695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe; resource: win7-20240903-en)
  Behavioral task:  behavioral2 (sample: 695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe; resource: win10v2004-20241007-en)
Malware Config (extracted)
  Family:  redline
  Botnet:  eewx
  C2:      185.81.68.147:1912
Targets
  Target:  695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe (305KB; hashes identical to the General section above)
  Signatures
    RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    RedLine payload
    Redline family
    Downloads MZ/PE file
    Executes dropped EXE
    Loads dropped DLL
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Adds Run key to start application
      Persistence through a Run key in the registry; the autostart entry survives reboot without elevated rights when written under the user hive.
    Checks installed software on the system
      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU equivalent) to enumerate software on the system. This is a read of the key, so it shows up in a sandbox trace or with object-access auditing (a SACL) on the key, but not in Sysmon, which logs only key creation, deletion, renames and value writes.
    Suspicious use of SetThreadContext
      Rewriting another thread's context is the step that redirects execution into an injected payload, typically in a suspended child process (process hollowing); it pairs with the dropped-EXE execution flagged above.
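The extracted config and the flagged behaviours above reduce to a few checks a responder can run against their own data. The following Python is an added example written for this page, not Tria.ge's code or the sample's: it verifies a file against the report's hashes, parses the SSDEEP signature and applies ssdeep's block-size rule before any fuzzy comparison, and scans Sysmon-style events for the two behaviours the report flags, a Run-key value being set and a connection to 185.81.68.147:1912. The events, the SID, the file names and the paths in it are constructed for the example and were not taken from the sandbox run.

```python
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "5c7855655e383cbece176af24670d919",
    "sha1": "655f0da6d7cd060a8998bd332fb6014893baeb2a",
    "sha256": "695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36",
}
REPORT_SSDEEP = ("6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4"
                 ":dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4")
C2_IP, C2_PORT = "185.81.68.147", 1912

# Sysmon writes HKCU as HKU\<SID>, so match on the key path suffix, not the hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def hash_file_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's contents, the digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report_sample(data: bytes) -> bool:
    """True only when every listed hash matches; an MD5-only hit is not treated as a match."""
    digests = hash_file_bytes(data)
    return all(digests[k] == v for k, v in REPORT_HASHES.items())


def parse_ssdeep(sig: str) -> tuple:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' and validate the block size.

    ssdeep block sizes are 3 * 2**n (6144 = 3 * 2**11 is valid, 4096 is not), and two
    signatures are only scored against each other when their block sizes are equal or
    one step apart, so the block size is the first thing to check before a fuzzy match.
    """
    parts = sig.split(":")
    if len(parts) != 3:
        raise ValueError("ssdeep signature must have three colon-separated fields")
    block = int(parts[0])
    if block < 3 or block % 3 or (block // 3) & (block // 3 - 1):
        raise ValueError(f"{block} is not a valid ssdeep block size")
    return block, parts[1], parts[2]


def ssdeep_comparable(sig_a: str, sig_b: str) -> bool:
    """Cheap pre-filter: ssdeep scores two signatures only if block sizes are equal or adjacent."""
    a, b = parse_ssdeep(sig_a)[0], parse_ssdeep(sig_b)[0]
    return a == b or a == 2 * b or b == 2 * a


def find_run_key_persistence(events: list) -> list:
    """Sysmon Event ID 13 (RegistryEvent: value set) under a Run or RunOnce key."""
    return [e for e in events
            if e.get("EventID") == 13 and RUN_KEY_RE.search(e.get("TargetObject", ""))]


def find_c2_connections(events: list) -> list:
    """Sysmon Event ID 3 (NetworkConnect) to the C2 endpoint from the extracted config."""
    return [e for e in events
            if e.get("EventID") == 3
            and e.get("DestinationIp") == C2_IP
            and int(e.get("DestinationPort", 0)) == C2_PORT]


# Constructed sample events (not from the sandbox run); SID, names and paths are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\sample.exe",
     "DestinationIp": "185.81.68.147", "DestinationPort": "1912", "Protocol": "tcp"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "185.81.68.147", "DestinationPort": "443", "Protocol": "tcp"},
]


def triage(events: list = SAMPLE_EVENTS) -> dict:
    """Summarise which of the report's behaviours the supplied events reproduce."""
    return {
        "run_key_hits": len(find_run_key_persistence(events)),
        "c2_hits": len(find_c2_connections(events)),
        "ssdeep_blocksize": parse_ssdeep(REPORT_SSDEEP)[0],
    }


if __name__ == "__main__":
    print(triage())
```

Actual fuzzy scoring needs the ssdeep library (python-ssdeep binds it); the parser here only rejects malformed signatures and pairs that ssdeep would score as zero anyway. The port comparison goes through int() because Sysmon exports DestinationPort as a string in XML/EVTX form, and the Run-key regex anchors on the key path suffix so it fires for any user hive.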
MITRE ATT&CK Enterprise v15
  Tactic                Technique (count)                            Sub-technique (count)
  Privilege Escalation  T1547 Boot or Logon Autostart Execution (1)  T1547.001 Registry Run Keys / Startup Folder (1)
  Credential Access     T1555 Credentials from Password Stores (1)   T1555.003 Credentials from Web Browsers (1)
  Credential Access     T1552 Unsecured Credentials (2)              T1552.001 Credentials In Files (2)