General
Target: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe
Size: 1.1MB
Sample: 240621-rttayatdpg
MD5: 5c23bdaac723e8a1ec8f3b8d883e33c9
SHA1: f3164d7c52e4013dfcb0af33f6ef3b1f5b2194b3
SHA256: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c
SHA512: 40121c0f8248cca667288fd4b38c67c21f0125e7c47c5302b06646db55d6aeb1cea0179199984f2a74df7e5f23c5c7bd005a2d56d167344e05f7575b2f13a7d1
SSDEEP: 24576:zAHnh+eWsN3skA4RV1Hom2KXMmHaPAZc+/5ZgbNob8vV05:+h+ZkldoPK8YaPAG+/5Zmu
Static task: static1
Behavioral task: behavioral1
  Sample: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted family: redline
Botnet ID: MsWord
C2: 185.38.142.10:7474
Targets
Target: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (rewriting another thread's context is the step used to redirect execution into injected code, e.g. process hollowing)
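The report above yields two kinds of indicators a responder can act on immediately: the file digests under General and the extracted C2 endpoint 185.38.142.10:7474. The following Python is an added example (not part of the sandbox report or any vendor tooling) that turns both into checks: exact-hash matching of a file's bytes against the published digests, and a scan of connection-log lines for flows to the C2 host. The log format (`<ts> src=ip:port dst=ip:port proto=...`) and the sample log lines are constructed for the example; the SSDEEP value is not used because fuzzy matching needs the ssdeep tool, which is not assumed here.

```python
"""IOC checks derived from the RedLine sandbox report (added example, not the report's own code)."""
import hashlib
import re
from typing import Iterable

# Digests and C2 copied verbatim from the report. Everything else is an assumption for this example.
IOC_HASHES = {
    "md5": "5c23bdaac723e8a1ec8f3b8d883e33c9",
    "sha1": "f3164d7c52e4013dfcb0af33f6ef3b1f5b2194b3",
    "sha256": "0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c",
    "sha512": "40121c0f8248cca667288fd4b38c67c21f0125e7c47c5302b06646db55d6aeb1cea0179199984f2a74df7e5f23c5c7bd005a2d56d167344e05f7575b2f13a7d1",
}
C2_HOST, C2_PORT = "185.38.142.10", 7474


def digests(data: bytes) -> dict:
    """Compute the four digests the report publishes, as lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_matches(data: bytes, iocs: dict = IOC_HASHES) -> set:
    """Return the names of the IOC digests that `data` matches.

    Algorithm names and hex values are compared case-insensitively so a
    copy-pasted upper-case hash still matches. A partial result (e.g. MD5
    matches but SHA256 does not) means the IOC list is inconsistent, not that
    the file is clean, so callers should treat any non-empty set as a hit.
    """
    actual = digests(data)
    return {name for name, want in iocs.items()
            if actual.get(name.lower()) == want.lower()}


# Assumed log line shape (constructed for this example):
#   "<ts> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>"
_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<sip>[\d.]+):(?P<sport>\d+)\s+"
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)


def c2_hits(lines: Iterable[str], host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return (timestamp, source ip, exact_port) for every flow to the C2 host.

    Flows to the host on a different port are still reported (exact_port=False)
    so that an operator-side port change does not hide the beacon from triage.
    Unparseable lines are skipped rather than counted as clean.
    """
    hits = []
    for line in lines:
        m = _LOG_RE.match(line.strip())
        if not m or m["dip"] != host:
            continue
        hits.append((m["ts"], m["sip"], int(m["dport"]) == port))
    return hits


# Constructed sample traffic (not real captures): one exact C2 flow,
# one flow to the C2 host on another port, one benign flow, one junk line.
SAMPLE_LOG = [
    "2024-06-21T10:15:02Z src=10.0.0.5:49812 dst=185.38.142.10:7474 proto=tcp",
    "2024-06-21T10:15:03Z src=10.0.0.5:49813 dst=185.38.142.10:443 proto=tcp",
    "2024-06-21T10:15:04Z src=10.0.0.7:49814 dst=93.184.216.34:443 proto=tcp",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print("hash IOCs matched:", hash_matches(b"not the sample"))
    for ts, src, exact in c2_hits(SAMPLE_LOG):
        print(ts, src, "exact C2 port" if exact else "C2 host, other port")
```

Exact hashes only catch this one build; RedLine samples are repacked frequently, so the C2 endpoint and the behavioral signatures (wallet and credential-store access, SetThreadContext-based injection) are the more durable detections, and the network check here is written to keep flagging the host even if the port moves.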