General
- Target: stl.exe
- Size: 511KB
- Sample: 240627-3fz24s1bmm
- MD5: 2d92c64d986c4640e4cb5bc41cb38821
- SHA1: bfc8e36ac6e2e8e6d44cfbc421307bbd58036dd5
- SHA256: 31dd0e69fb3a0a0999aa228d766e36033bbf1e482bdb93912705850badfba7b0
- SHA512: 4975350e13824fe78e937fe9cf84f86d6de502e588cf219ba2d73a171b74af4382b6b134033cc4cb590a6068299422834192bc52613161d2ee362b6464caa962
- SSDEEP: 12288:A0NJCJ5go5P8YJ1ujzKSmWmfiV2gyZKa+oMXArnPsUx7GqnfYZr8uEFk:JDCAoZuaSmWm
Static task
- static1

Behavioral tasks
- behavioral1: sample stl.exe, resource win7-20240611-en
- behavioral2: sample stl.exe, resource win10-20240404-en
- behavioral3: sample stl.exe, resource win10v2004-20240508-en
Malware Config
Extracted:
- redline
- 06-25-24
- 85.28.47.7:17210
Targets
- stl.exe (size and hashes as listed under General above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext