General
Target: c32028c1d21ffb0f950fd89633908c06.bin
Size: 399KB
Sample: 240628-dmdd9axhng
MD5: 15963578574c70585a8acdeaebcff86b
SHA1: 2fb2456aed4979e966e88d382f425bac74a3c72d
SHA256: d7835764bd824c2715c60ea7fb64df0500c073b9d63f84a9a901b6fd6e22244c
SHA512: e59432b735c4c4eab636c1d04ecc84ab12a7977ccdbb693151c8098752e5da9169a068f54f7588c8b2ac5cea3c208cf539b20db0b641eec3dbcc1a6880c978c6
SSDEEP: 6144:+kmJsxnljbRHjBk7k1j2sDB1Bf7ZJTioC2cMvyfBcsa9IklPKfxFbvg8Jgmhvxtf:+/InljVDB26N1d7jShfCXblPK5JVtDD/

Static task: static1
Behavioral task: behavioral1
Sample: 9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea.exe
Resource: win7-20231129-en
Malware Config
Extracted
redline
@oleh_psp
185.172.128.33:8970
Targets
Target: 9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea.exe
Size: 492KB
MD5: c32028c1d21ffb0f950fd89633908c06
SHA1: c3f8c7d7e684ecf88014deba0d2faec05c11830d
SHA256: 9570506aa6a69053f2d07f64a7e506190e999e55a431501dec05fef12de3e4ea
SHA512: 3fced92d5a29d6129c043d9f19efbc98dff246984217d904aa4c6fbecad40384325831a428f00c4db0037959003d6d9d15625dfa6c27edc0e80e949d0c2b228c
SSDEEP: 12288:sBGtU4PI3MHnOqY3xa4RufYXx7so6swy7Ko8:sIvPq1v6swy7B
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext