General
-
Target
203.exe
-
Size
323KB
-
Sample
240628-p7qqvstdll
-
MD5
42c8f8858523804d81a52b2ab0b6a061
-
SHA1
ddf8c7b6383d162f86d741afa7ada13ebed07364
-
SHA256
bf95b0ad273aa3449838a2a61bd14cc9efbd129bc183c7540a1baa9caa73ea1c
-
SHA512
9b75b6f856569ee3f99ad5d0def6d6319863bd577986e0a4dcdbc733f2de6d9eeaf0e26238192fc9d0697b1d277d909ff7f483314cedb38a9a51b997e5dbec58
-
SSDEEP
6144:O5uz/AtXTz0e0MR0TxuB3Ly2zScKh1BbCa5W8nKsZwUY:O5wAtXTz0VdgScKhr6r
Static task
static1
Behavioral task
behavioral1
Sample
203.exe
Resource
win11-20240611-en
Malware Config
Extracted
Family
redline
Botnet
5195552529
C2
https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443
The C2 field holds two URLs separated by "*": a Telegram invite link and a Steam community profile. Neither is the stealer's upload endpoint; they are dead-drop resolvers from which the sample reads its real C2 address at runtime, so blocking only these two hosts does not stop exfiltration once the address has been resolved.
Targets
-
RedLine
RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet files and system inventory, and uploads them to an operator-controlled C2.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites the register state of a thread, including its instruction pointer. Paired with a process created suspended it is the hallmark of process hollowing, in which a loader replaces a legitimate host process's image with an unpacked payload and resumes it. Legitimate debuggers and some runtimes call the same API, so the surrounding sequence (suspended create, memory writes, resume) rather than the call alone is what makes it suspicious.
-
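The following is an added hunting example written for this report; it is not sandbox output and not part of the RedLine sample. It covers three items above: splitting the "*"-joined C2 field into its two resolver URLs, flagging a process that sweeps many Uninstall subkeys (the software inventory signature), and pairing CreateProcess with CREATE_SUSPENDED, SetThreadContext and ResumeThread on the same child (the hollowing shape behind the SetThreadContext signature). The registry events use Sysmon Event ID 13 style TargetObject strings; the API-trace event shape, the pids and the product keys are constructed assumptions, and the logic is generic rather than specific to this sample.

```python
"""Hunting helpers for the behaviours listed in this report (added example, not sandbox output)."""
import re
from collections import defaultdict

# Raw C2 field from the extracted config above (value taken from the report).
REDLINE_C2_RAW = ("https://t.me/+7Lir0e4Gw381MDhi"
                  "*https://steamcommunity.com/profiles/76561199038841443")

# Matches the per-product subkey under either the native or the WOW6432Node Uninstall key.
UNINSTALL_SUBKEY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)

CREATE_SUSPENDED = 0x00000004  # documented CreateProcess dwCreationFlags bit


def parse_redline_c2(raw):
    """RedLine packs several dead-drop resolver URLs into one field joined by '*'."""
    return [u.strip() for u in raw.split("*") if u.strip()]


def find_software_enumeration(events, min_subkeys=3):
    """Return {pid: [subkeys]} for processes that read at least min_subkeys distinct
    Uninstall subkeys. One lookup is normal (installers, updaters); a sweep across
    many products is the inventory behaviour the report flags."""
    seen = defaultdict(set)
    for ev in events:
        if ev["type"] != "registry":
            continue
        m = UNINSTALL_SUBKEY.search(ev["target"])
        if m:
            seen[ev["pid"]].add(m.group(1))
    return {pid: sorted(keys) for pid, keys in seen.items() if len(keys) >= min_subkeys}


def find_hollowing_candidates(events):
    """Pair CreateProcess(CREATE_SUSPENDED) -> SetThreadContext -> ResumeThread on the
    same child, issued by the same parent. SetThreadContext alone is noisy (debuggers,
    some runtimes); the suspended-create context is what makes it hollowing-shaped."""
    pending = {}   # child pid -> {"parent": pid, "ctx_set": bool}
    hits = []
    for ev in events:
        if ev["type"] != "api":
            continue
        api, args = ev["api"], ev["args"]
        if api == "CreateProcessW" and args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            pending[args["child_pid"]] = {"parent": ev["pid"], "ctx_set": False}
        elif api == "SetThreadContext" and args.get("target_pid") in pending:
            pending[args["target_pid"]]["ctx_set"] = True
        elif api == "ResumeThread" and args.get("target_pid") in pending:
            st = pending.pop(args["target_pid"])
            if st["ctx_set"]:
                hits.append((st["parent"], args["target_pid"]))
    return hits


# Constructed sample events, not taken from the sandbox run. "registry" events carry a
# TargetObject string in Sysmon Event ID 13 form; "api" events assume a hypothetical
# API-trace format in which the target thread's owning pid has already been resolved.
SAMPLE_EVENTS = [
    {"type": "registry", "pid": 4120, "image": r"C:\Users\user\Desktop\203.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7AB5C494-0000-4000-8000-000000000001}\DisplayName"},
    {"type": "registry", "pid": 4120, "image": r"C:\Users\user\Desktop\203.exe",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion"},
    {"type": "registry", "pid": 4120, "image": r"C:\Users\user\Desktop\203.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"type": "registry", "pid": 4120, "image": r"C:\Users\user\Desktop\203.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName"},
    {"type": "registry", "pid": 4120, "image": r"C:\Users\user\Desktop\203.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayVersion"},
    # Benign single lookup by explorer.exe: one subkey, below the sweep threshold.
    {"type": "registry", "pid": 900, "image": r"C:\Windows\explorer.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon"},
    # Hollowing-shaped sequence from the same sample pid against child 5000.
    {"type": "api", "pid": 4120, "api": "CreateProcessW",
     "args": {"dwCreationFlags": 0x4, "child_pid": 5000}},
    {"type": "api", "pid": 4120, "api": "SetThreadContext", "args": {"target_pid": 5000}},
    {"type": "api", "pid": 4120, "api": "ResumeThread", "args": {"target_pid": 5000}},
    # Ordinary (non-suspended) process start and resume: must not be flagged.
    {"type": "api", "pid": 900, "api": "CreateProcessW",
     "args": {"dwCreationFlags": 0x0, "child_pid": 5010}},
    {"type": "api", "pid": 900, "api": "ResumeThread", "args": {"target_pid": 5010}},
]

if __name__ == "__main__":
    print("dead-drop resolvers:", parse_redline_c2(REDLINE_C2_RAW))
    print("software inventory by pid:", find_software_enumeration(SAMPLE_EVENTS))
    print("hollowing candidates (parent, child):", find_hollowing_candidates(SAMPLE_EVENTS))
```

The threshold in find_software_enumeration is deliberately low for the constructed data; on real telemetry tune it against a baseline of installers and update agents, and feed the resolver list into proxy logs as a pivot rather than a block list, since the resolved C2 address is what the stealer actually talks to.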