General
Target: ebf299e666dd6d5e2e2bc6ceb3761665.bin
Size: 648KB
Sample: 240628-dv5tga1ekl
MD5: 75b50e7d0b5839bd11fb9ea35b073425
SHA1: 2e0fc468c9b7ae4b52b007d2fb110a35bbf3e3c1
SHA256: 6ddc127f290360a3355bf8810ae441c8ee1cd9d52581faff36bdc8b40463b559
SHA512: 9eae15f5fd70d3edf93c4c155879bd4907afdcc9a6d9e324f6ba0c405acdd43247506ff8cd158a00ecc7e3b3161f6e521ecc5ec3a5b07e58669da945be1fbde1
SSDEEP: 12288:MtSdNiPCNRyJS+OiNq7ajQ2zS5i1Wzvw/5mbnf6oZkfUjZUfHt5rkvm/I:MIdJN3+Z5Jm81WzvrrRZkTNGOw

Static task: static1

Behavioral task: behavioral1
Sample: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
Resource: win10v2004-20240508-en

Malware Config
Extracted: redline
- VIP-MTN
- 94.156.69.12:1912

Targets
Target: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c.exe
Size: 661KB
MD5: ebf299e666dd6d5e2e2bc6ceb3761665
SHA1: e4de13126c1f575f2217faf8abb6ac47b35a3172
SHA256: abc5d7e2fe95585f2c118d1e8ed171ea82ec3c76b02353aa5acca13cab13a32c
SHA512: 063323f0c3ba62dad9216556937e41f378463272feb014020578167f68bbfdc6dad399814de9b30815001268f0835b4b718ae58365566d67fe94e1a0ab7b80c6
SSDEEP: 12288:GBUsFSdlab3dkVFQ9M6HvGSBvtMkMwyPTEpdjBSJlP0mhIzuEC96X7n0aeAhrim9:slFBNIFQKUvrB+k5tBSJVp4urM0aeAfE

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext