General
-
Target
38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4
-
Size
514KB
-
Sample
240627-2n92lswane
-
MD5
b00ebc56e8b0960b4058e3bc3829bc18
-
SHA1
04e4c4be212f92978a8b4f83bdf691d686f04016
-
SHA256
38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4
-
SHA512
bae7486ab7d59a5be25961ce93b270a1b061248d2b36178eb00575b280e9a3aeab51ad0884a1ee3e92649718b5700e93de81962a7ebfe919bee56238fb4e4296
-
SSDEEP
12288:c+e1fhrBVs4V3x3IddMK75HRPJc41cvmOjCDlD1:c+YhrTCddMK1NJcVzCDlD
Static task
static1
Behavioral task
behavioral1
Sample
38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4.exe
Resource
win7-20240508-en
Malware Config
Extracted
redline
@OLEH_PSP
185.172.128.33:8970
Targets
-
Target
38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4
-
Size
514KB
-
MD5
b00ebc56e8b0960b4058e3bc3829bc18
-
SHA1
04e4c4be212f92978a8b4f83bdf691d686f04016
-
SHA256
38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4
-
SHA512
bae7486ab7d59a5be25961ce93b270a1b061248d2b36178eb00575b280e9a3aeab51ad0884a1ee3e92649718b5700e93de81962a7ebfe919bee56238fb4e4296
-
SSDEEP
12288:c+e1fhrBVs4V3x3IddMK75HRPJc41cvmOjCDlD1:c+YhrTCddMK1NJcVzCDlD
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
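Added example, not part of the sandbox report: a Python IOC matcher that takes the indicators published above (the sample's hashes and the RedLine C2 185.172.128.33:8970 from the extracted config) and applies them two ways. First, it hashes a file in hand and compares every digest with the report, so an analyst confirms they hold the same sample before relying on its behavioral findings. Second, it runs the indicators over firewall and EDR log lines to flag the C2 endpoint and the sample hash. The log lines, host names, source addresses and file paths are constructed for illustration; only the hash values and the C2 endpoint come from the report. A connection to the C2 IP on a port other than 8970 is reported as a weaker hit, since the same infrastructure may serve rebuilt configs on other ports.

```python
"""IOC matcher for the RedLine sample described in this report.

Added example, not part of the sandbox report. Hash values and the C2
endpoint are taken from the report; all log lines below are constructed.
"""
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "b00ebc56e8b0960b4058e3bc3829bc18",
    "sha1": "04e4c4be212f92978a8b4f83bdf691d686f04016",
    "sha256": "38ef3953d75c63a4484ab212ccde65c17cfc5c4b7473b515f9db8ff6652e23d4",
    "sha512": "bae7486ab7d59a5be25961ce93b270a1b061248d2b36178eb00575b280e9a3ae"
              "ab51ad0884a1ee3e92649718b5700e93de81962a7ebfe919bee56238fb4e4296",
}
C2_HOST = "185.172.128.33"   # from the extracted RedLine config
C2_PORT = 8970

# Log shapes assumed for this example: "dst=IP:PORT" on firewall lines and
# "<alg>=<hexdigest>" on EDR process-creation lines.
FW_RE = re.compile(r"\bdst=(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")
HASH_RE = re.compile(r"\b(?P<alg>md5|sha1|sha256|sha512)=(?P<digest>[0-9a-fA-F]+)\b")


def hashes_of(data: bytes) -> dict:
    """Hash file bytes with the same algorithms the report lists."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report.

    Requiring all four catches a report transcribed with one wrong hash
    and makes a collision on any single algorithm insufficient.
    """
    return hashes_of(data) == REPORT_HASHES


def scan_logs(lines):
    """Return (line_number, reason) for each line that touches an IOC."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = FW_RE.search(line)
        if m and m["host"] == C2_HOST:
            # Exact host:port is the config's C2; same host on another
            # port is still worth a look but is a weaker indicator.
            reason = "c2-exact" if int(m["port"]) == C2_PORT else "c2-host-other-port"
            hits.append((n, reason))
        for m in HASH_RE.finditer(line):
            alg, digest = m["alg"], m["digest"].lower()
            if REPORT_HASHES.get(alg) == digest:
                hits.append((n, f"sample-{alg}"))
    return hits


# Constructed log lines (not real telemetry). Source hosts, addresses and
# paths are invented; 203.0.113.7 is a documentation address.
SAMPLE_LOGS = [
    "2024-06-27T21:13:59Z edr process_create host=WS-12 sha256="
    + REPORT_HASHES["sha256"] + " image=C:\\Users\\u\\Downloads\\sample.exe",
    "2024-06-27T21:14:05Z fw allow src=10.0.0.12:50314 dst=185.172.128.33:8970 proto=tcp",
    "2024-06-27T21:14:06Z fw allow src=10.0.0.12:50315 dst=185.172.128.33:443 proto=tcp",
    "2024-06-27T21:14:09Z fw allow src=10.0.0.12:50316 dst=203.0.113.7:443 proto=tcp",
    "2024-06-27T21:14:12Z edr process_create host=WS-12 sha256="
    + "0" * 64 + " image=C:\\Windows\\System32\\notepad.exe",
]


if __name__ == "__main__":
    for line_no, reason in scan_logs(SAMPLE_LOGS):
        print(f"line {line_no}: {reason}")
    # To verify a file on disk against the report:
    #   matches_report(open(path, "rb").read())
```

Against the constructed lines the scanner reports the EDR line carrying the sample's SHA256, the connection to 185.172.128.33:8970 as an exact C2 hit, and the connection to the same address on 443 as the weaker host-only hit; the unrelated address and the zero hash produce nothing.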