General
Target: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
Size: 661KB
Sample: 240627-bxq2zsybpq
MD5: ebf299e666dd6d5e2e2bc6ceb3761665
SHA1: e4de13126c1f575f2217faf8abb6ac47b35a3172
SHA256: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c
SHA512: 063323f0c3ba62dad9216556937e41f378463272feb014020578167f68bbfdc6dad399814de9b30815001268f0835b4b718ae58365566d67fe94e1a0ab7b80c6
SSDEEP: 12288:GBUsFSdlab3dkVFQ9M6HvGSBvtMkMwyPTEpdjBSJlP0mhIzuEC96X7n0aeAhrim9:slFBNIFQKUvrB+k5tBSJVp4urM0aeAfE
Static task: static1
Behavioral task: behavioral1
  Sample: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted
Family: redline
Botnet: VIP-MTN
C2: 94.156.69.12:1912
Targets
Target: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext