General
Target: modest-menu.exe
Size: 512KB
Sample: 240629-p4n3vs1bnp
MD5: 95615078a0eb33b1c7bcaa420550c44e
SHA1: 9009ebd7a01c84a4637d06fd16be33cbb8dc2b61
SHA256: c957609147be9600ae8ecf2a977bfd8ae9eb1a8dfa0c4f303be0636ebd518156
SHA512: bff7428847a5d57d6a6229aa5442384b07df2d6a3ce0bf9d9a859232106845d3c3764a5d9dd1c2d7d16dda4f414636039f513d097947975538e9a5c2544e6d02
SSDEEP: 12288:kKFfKsLIh/4h7TqZFjLb6A4OgyVUrFuma1HwTAT36Z/xZWb/GG:k8iP/EPqZFvb6A4xuGMTKWO
Static task: static1
Behavioral task: behavioral1
Sample: modest-menu.exe
Resource: win11-20240611-en
Malware Config
Extracted family: redline
@mass1vexdd
94.228.166.68:80
Targets
Target: modest-menu.exe
Size: 512KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext