General
Target: 5c23bdaac723e8a1ec8f3b8d883e33c9.bin
Size: 585KB
Sample: 240623-ccjylsvfpa
MD5: 06abe456a9a8449bde93ea8196e3ef7f
SHA1: 89fbc715aafef70b0f184ac2ed7f7d825dbcd016
SHA256: 175ccb4fb22b514345639931ced586a64fb6a8ddce89d9efb58edf17397edadc
SHA512: 78528af202de277b273565c0245a0231e4889270db5c48c9139902266eb9edefb467802d3adcd32f821a0bda230e28133efac5d308eed3cda7dab7b9e7c87f4e
SSDEEP: 12288:F8ogOCxA1BXry2xEX5hjBpCiYcYwIsXgZ9DF:5FbJxEJhVpC5c+sXuD
Static task: static1
Behavioral task: behavioral1
Sample: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe
Resource: win7-20240611-en
Malware Config
Extracted: redline
MsWord
C2: 185.38.142.10:7474
Targets
Target: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe
Size: 1.1MB
MD5: 5c23bdaac723e8a1ec8f3b8d883e33c9
SHA1: f3164d7c52e4013dfcb0af33f6ef3b1f5b2194b3
SHA256: 0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c
SHA512: 40121c0f8248cca667288fd4b38c67c21f0125e7c47c5302b06646db55d6aeb1cea0179199984f2a74df7e5f23c5c7bd005a2d56d167344e05f7575b2f13a7d1
SSDEEP: 24576:zAHnh+eWsN3skA4RV1Hom2KXMmHaPAZc+/5ZgbNob8vV05:+h+ZkldoPK8YaPAG+/5Zmu
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (an API commonly used for thread hijacking and process hollowing; on its own it is an injection indicator, not proof of which technique was used)
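As an added example (not part of the sandbox report, and not tooling from the sandbox vendor), the indicators above turned into a small triage script: it hashes a file with the same algorithms the report lists and checks the digests against both targets, then scans connection-log lines for the RedLine C2 endpoint from the extracted config. The log lines and the "key=value" log format are constructed for the example; the hashes and the C2 address are copied from the report.

```python
import hashlib
import re
from typing import Dict, FrozenSet, List, Tuple

# Indicators copied from the report above: the submitted .bin and the dropped RedLine .exe.
REPORT_HASHES: Dict[str, Dict[str, str]] = {
    "5c23bdaac723e8a1ec8f3b8d883e33c9.bin": {
        "md5": "06abe456a9a8449bde93ea8196e3ef7f",
        "sha1": "89fbc715aafef70b0f184ac2ed7f7d825dbcd016",
        "sha256": "175ccb4fb22b514345639931ced586a64fb6a8ddce89d9efb58edf17397edadc",
    },
    "0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c.exe": {
        "md5": "5c23bdaac723e8a1ec8f3b8d883e33c9",
        "sha1": "f3164d7c52e4013dfcb0af33f6ef3b1f5b2194b3",
        "sha256": "0e356b54aa61defb7ced51eae0d1b1e024d9dd82c7d6b2e5da312790987a950c",
    },
}

# RedLine C2 (host, port) from the extracted config.
C2_ENDPOINTS: FrozenSet[Tuple[str, int]] = frozenset({("185.38.142.10", 7474)})


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest `data` with the algorithms the report lists (SHA-512 included)."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def match_known_sample(data: bytes,
                       known: Dict[str, Dict[str, str]] = REPORT_HASHES) -> List[Tuple[str, str]]:
    """Return (report target, algorithm) pairs whose digest equals a digest of `data`.

    Every algorithm match is reported so the caller can see which one fired;
    treat a lone MD5 or SHA-1 hit as weaker evidence than a SHA-256 hit.
    """
    digests = hash_bytes(data)
    hits: List[Tuple[str, str]] = []
    for target, hashes in known.items():
        for algo, expected in hashes.items():
            if digests.get(algo) == expected.lower():
                hits.append((target, algo))
    return hits


# Constructed connection-log lines in a generic "key=value" style (not from any real product).
SAMPLE_CONN_LOG: List[str] = [
    "ts=2024-06-23T10:15:02Z pid=4120 proc=sample.exe proto=tcp src=10.0.0.5:49812 dst=185.38.142.10:7474",
    "ts=2024-06-23T10:15:03Z pid=4120 proc=sample.exe proto=tcp src=10.0.0.5:49813 dst=185.38.142.10:7475",
    "ts=2024-06-23T10:15:09Z pid=4388 proc=sample.exe proto=tcp src=10.0.0.5:49820 dst=185.38.142.10:7474 bytes_out=1240",
    "ts=2024-06-23T10:15:10Z pid=1204 proc=svchost.exe proto=tcp src=10.0.0.5:49821 dst=93.184.216.34:443",
    "ts=2024-06-23T10:15:11Z pid=4388 proc=sample.exe event=file_read path=C:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet",
]

# Only the destination field is inspected; the last line has none and is skipped.
CONN_RE = re.compile(r"\bdst=(?P<ip>(?:\d{1,3}\.){3}\d{1,3}):(?P<port>\d{1,5})\b")


def find_c2_connections(log_lines: List[str],
                        c2: FrozenSet[Tuple[str, int]] = C2_ENDPOINTS) -> List[str]:
    """Return the log lines whose destination host:port is a known RedLine C2 endpoint."""
    hits: List[str] = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and (m.group("ip"), int(m.group("port"))) in c2:
            hits.append(line)
    return hits


if __name__ == "__main__":
    # Hash check against an arbitrary local file; the sample itself is not shipped with the example.
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash matches:", match_known_sample(fh.read()))
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
```

Port 7475 to the same host is deliberately left out of the match set: the report only supports 185.38.142.10:7474, and widening to the whole host is a judgement call to make after looking at the other traffic, not a default.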