General
Target: yollskare.zip
Size: 35.0MB
Sample: 240624-vwdj2stejb
MD5: 4887b175958a86cd26d2a117066a363c
SHA1: a168a2c626ab02254a6e4b7f00352e9ee549d4cf
SHA256: 227447de76c7bcb29130c5b22705a2bf09bf8d648fc3448cb832ce8e6f9be15a
SHA512: 3cb6347662cb5b16e3bf6b7b43ddf8f4a0720d00c23ffd7c0ff4d14fdca5860284ca2b91e5d6c348d5845736206f87eb4792771efab8c3ebb45a8b41d29f2d98
SSDEEP: 786432:hMuCrZX2d1wN+KLj/BMWCJd/B2VgmrJD4KrtQHRfekgr5B+pe7Q/2bFK9+O++vtZ:qGd6N+k/ed/B8gcCKWRKvu2JK/
Static task: static1
Behavioral task: behavioral1
  Sample: yollskare.zip
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: yollskare.zip
  Resource: win10v2004-20240226-en
Malware Config
Extracted: redline
  185.196.9.26:6302
Extracted: lumma
  https://employeedscratshj.shop/api
Targets
Target: yollskare.zip
Size: 35.0MB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext