General
Target: excellent.rar
Size: 8.2MB
Sample: 240628-wp1lnsxhpg
MD5: 74390a2247fd11601ddbe918121b2a2a
SHA1: 67986feefd597389e1fc1d8386af318100f446a2
SHA256: 0a31cb7d5b2cdaec7287a6e3a9338f7da9922b85693d5111aa50ec43dde3d3de
SHA512: 05be574b9b39197e7da11949a9e8d8d07eefffcdd91b26127356e53f0952c03d8e5668b9bffc3fefe8b67ea35fdc292c70275981312b7516afd11dd4f87ace9f
SSDEEP: 196608:tDT22I/nk9psflVIhoFaTQRn4gE+trIghtZmUmvBH:tDLI/nYUlVJRBDEgrIgh6Xvd
Static task
static1

Behavioral task
behavioral1
Sample: excellent.exe
Resource: win10v2004-20240611-en

Behavioral task
behavioral2
Sample: libGLESv2.dll
Resource: win10v2004-20240508-en
Malware Config
Extracted: redline
6627938439_99
https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac
Targets

Target: excellent.exe
Size: 296KB
MD5: efad4f96f696391769ef9944978dbb3b
SHA1: 42ad30f7af140544eaeb8cc32d8fe5568aca8944
SHA256: 26e9f0c78dde027c60eeacca5852a8f08853c440048ae45cbb054fd12e0cddd2
SHA512: 427b793cd433be1251d8348a5d788ff4c927c5c78c6d2ad15a5de4de64f57e1c0182534d180de388734e28a4563f1b92fc30f1365356bd2fe6546beaf6da9da4
SSDEEP: 6144:KL4miZW6NAIn7RMWhrWzMCx5T2exIT4tifYfcDVn0Q0+A9b/pcvEV:KEI5I7XCMCx5T2exIT4tifYfcDVn0Q0n
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
Target: libGLESv2.dll
Size: 6.8MB
MD5: 90ad3c47740fce98015444d1289af9b9
SHA1: 0135a04b2b590e1647e3a2b123596d62d57fece0
SHA256: 2082c51a86bc8b7cd5e69cf5d43914efe5d939c90503539d657fde7915a95ae1
SHA512: 40bdd65a9fa761bd3835ea9fb8c4c4d90531253d9dc7183d59c2051a627afc8b267d8de7e7478396e9fb779796f2b7e9b012564446671b4ed06427de5e93689e
SSDEEP: 98304:WYasIDptJ/QOjZfU5Q9S6Vaem7EdGSfhgbMKl4F:WJJd59Hk392thgbMim
Score: 1/10