General
Target: AlienCrypterbyKGB.exe
Size: 21.4MB
Sample: 240629-r1bdpsseqn
MD5: 9c13c90792ac75308e5e0e2b1935afa0
SHA1: 3d376ffc4ac0d241f872403fcfbe8dc095c8e24e
SHA256: 1da411a99c55c77955ff1145f7d65bbecf2aaf18a508c5ed5eda0ca01a49a360
SHA512: 3fa52c500c21c72f49a33a87af64d57b0fbc9d0756b122b1af566e24389663e65e8c9ab7301591748ddd02ac89adb8fcfd9004c2f109eb202a4264c962500932
SSDEEP: 196608:VBt6Zry+AytcLI0bNPFcdwLu9YcRTd9/fcMqYmlhl9xZfJ/vSHaVSElV:bIvAd9jy9D1fh0l9xJJ/6HCSwV
Static task: static1
Behavioral task: behavioral1
Sample: AlienCrypterbyKGB.exe
Resource: win7-20240508-en
Malware Config
Extracted family: redline
Botnet: K23
C2: 144.172.122.232:20131
Targets
Target: AlienCrypterbyKGB.exe (same file as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext