General
-
Target
15f948da0e0786ee883bc9714ee6b47a.exe
-
Size
809KB
-
Sample
240614-1mlf7axckh
-
MD5
15f948da0e0786ee883bc9714ee6b47a
-
SHA1
13d0747a12ce2783ac3a1d225d760cd5b2ed1aa1
-
SHA256
88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573
-
SHA512
006913022a08797087c1a47e89f1fba3beef5eb7f925631d507e841f361b56fe7dbefa1a1a60c0f5542742ad71c0b142ab5f4d280bfd9bc50bf5f7018c6bb31e
-
SSDEEP
24576:aJr8tE+sQJRRGM3sU+7sdCGNcArcotgiko7ehxaFpmx9:aJ4LP1MsdV5c+g5OiaFM/
Static task
static1
Behavioral task
behavioral1
Sample
15f948da0e0786ee883bc9714ee6b47a.exe
Resource
win7-20240611-en
Malware Config
Extracted
redline
cheat
45.137.22.68:55615
Targets
-
-
Target
15f948da0e0786ee883bc9714ee6b47a.exe
-
Size
809KB
-
MD5
15f948da0e0786ee883bc9714ee6b47a
-
SHA1
13d0747a12ce2783ac3a1d225d760cd5b2ed1aa1
-
SHA256
88b889a1477c81510c62a46c9eb1d77d386c59dceb0523e8b5734b6dde252573
-
SHA512
006913022a08797087c1a47e89f1fba3beef5eb7f925631d507e841f361b56fe7dbefa1a1a60c0f5542742ad71c0b142ab5f4d280bfd9bc50bf5f7018c6bb31e
-
SSDEEP
24576:aJr8tE+sQJRRGM3sU+7sdCGNcArcotgiko7ehxaFpmx9:aJ4LP1MsdV5c+g5OiaFM/
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-