General
-
Target
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe
-
Size
81.0MB
-
Sample
240628-b55kcaxbqj
-
MD5
2262f88eb3f606208bfa9a79f45b9a28
-
SHA1
fdb30d07c16e7c29a6acf074573dde723c754577
-
SHA256
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62
-
SHA512
7ba80a3adc4287da0c7a55746add7a01ae81af2dd4d2d07ef3d968d1aea20b88dc6416ef2f3386b16dfdab4d1c02361fad48207cd0b02580c9cbdefac7da6a9f
-
SSDEEP
786432:Z/i5Kul6pr3WPPzaCmoFuTF0XUZpMgniP3l3gennj2S:ZkASPr2pMgZUiS
Static task
static1
Behavioral task
behavioral1
Sample
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
redline
5213892547_99
https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac
Targets
-
-
Target
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62.exe
-
Size
81.0MB
-
MD5
2262f88eb3f606208bfa9a79f45b9a28
-
SHA1
fdb30d07c16e7c29a6acf074573dde723c754577
-
SHA256
bf971fc281a59d5f8fd965bc0759e960f3a542e3ed4d37c609d468cb9789ce62
-
SHA512
7ba80a3adc4287da0c7a55746add7a01ae81af2dd4d2d07ef3d968d1aea20b88dc6416ef2f3386b16dfdab4d1c02361fad48207cd0b02580c9cbdefac7da6a9f
-
SSDEEP
786432:Z/i5Kul6pr3WPPzaCmoFuTF0XUZpMgniP3l3gennj2S:ZkASPr2pMgZUiS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-