General

Target: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
Size: 512KB
Sample: 240629-lem8gsvcme
MD5: a957dc16d684fbd7e12fc87e8ee12fea
SHA1: 20c73ccfdba13fd9b79c9e02432be39e48e4b37d
SHA256: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
SHA512: fd6982587fba779d6febb84dfa65ec3e048e17733c2f01b61996bedb170bb4bb1cbb822c0dd2cf44a7e601373abaf499885b13b7957dd2a307bbd8f2120e9b3b
SSDEEP: 12288:4iFfKsLIh/4hBNR3lfo4T4A1i5g70dbRFpJtRSfF:40iP/E/pigb1i5Q0dbLLWf
Static task: static1

Behavioral task: behavioral1
Sample: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37.exe
Resource: win10v2004-20240611-en

Behavioral task: behavioral2
Sample: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37.exe
Resource: win11-20240419-en
Malware Config

Extracted
Family: redline
Botnet: LiveTraffoc
C2: 4.185.56.82:42687
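The extracted configuration is the part of this report a responder turns into detections. The following Python is an added example and not part of the sandbox report or of any tooling it describes: it parses the Family/Botnet/C2 block, emits a Suricata rule for the C2 endpoint, and checks constructed connection records against it. Only the family, botnet and C2 values come from the report; the flow-log format, the log lines and the rule SID are assumptions made for illustration.

```python
"""Turn the extracted RedLine config into network IOCs and check flow logs.

Added example, not part of the sandbox report. Family, botnet and C2 are
copied from the report; the flow-log format, the log lines and the rule
SID are constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Config block exactly as it appears in the report's "Malware Config" section.
EXTRACTED_CONFIG = """\
Family: redline
Botnet: LiveTraffoc
C2: 4.185.56.82:42687
"""


@dataclass(frozen=True)
class C2Endpoint:
    ip: str
    port: int


def parse_config(text: str) -> dict:
    """Parse 'Key: value' lines into a dict.

    C2 entries become C2Endpoint objects under the 'c2' key, always as a list,
    because extracted configs of this family can carry more than one C2.
    """
    cfg = {"c2": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key.lower() == "c2":
            host, port = value.rsplit(":", 1)
            ipaddress.ip_address(host)  # raises ValueError if not an IP literal
            cfg["c2"].append(C2Endpoint(host, int(port)))
        else:
            cfg[key.lower()] = value
    return cfg


def suricata_rule(ep: C2Endpoint, sid: int, family: str, botnet: str) -> str:
    """Emit one outbound-connection rule for a C2 endpoint.

    The SID is supplied by the caller (a constructed value in the test below);
    pick one from your local range in production.
    """
    return (
        f"alert tcp $HOME_NET any -> {ep.ip} {ep.port} "
        f'(msg:"{family} C2 ({botnet}) outbound connection"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed flow records in a minimal "src_ip dst_ip dst_port" format.
SAMPLE_FLOWS = [
    "10.0.0.5 4.185.56.82 42687",   # exact match on the extracted C2
    "10.0.0.5 203.0.113.10 443",    # unrelated HTTPS (TEST-NET address)
    "10.0.0.9 4.185.56.82 443",     # same host, different port: review, do not auto-block
    "malformed line",               # ignored by the parser
]

_FLOW_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)$")


def match_flows(lines, endpoints) -> list:
    """Return (src, dst, port, confidence) for flows that touch a known C2 host.

    'ip+port' means the destination matches an extracted C2 exactly. 'ip-only'
    means the host matches but the port does not; another build of the same
    family may use a different port on the same host, so such hits are worth
    a look but should not be auto-blocked on this evidence alone.
    """
    ports_by_ip = {}
    for ep in endpoints:
        ports_by_ip.setdefault(ep.ip, set()).add(ep.port)

    hits = []
    for line in lines:
        m = _FLOW_RE.match(line.strip())
        if not m:
            continue
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        if dst not in ports_by_ip:
            continue
        confidence = "ip+port" if port in ports_by_ip[dst] else "ip-only"
        hits.append((src, dst, port, confidence))
    return hits


if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    for ep in cfg["c2"]:
        print(suricata_rule(ep, 9000001, cfg["family"], cfg["botnet"]))
    for hit in match_flows(SAMPLE_FLOWS, cfg["c2"]):
        print(hit)
```

The port is matched as well as the address so that unrelated traffic to a shared host is not flagged at the same confidence as a hit on the exact C2 pair the sandbox extracted.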
Targets

Target: 071b6c448d2546dea8caed872fca0d002f59a6b9849f0de2a565fc74b487fa37
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Typically the process-hollowing step in which a loader rewrites the entry point of a suspended child process's main thread so that it executes an injected image instead of the original executable.