General

Target: 375e9acde29beee941aa2706285f34b1.exe
Size: 4.5MB
Sample: 240701-hjl97sycnf
MD5: 375e9acde29beee941aa2706285f34b1
SHA1: e4beb794991712982a6ef02fb41b59b7eb82b202
SHA256: b2a4a9e9cd0fbce0d8bb0e6d7bd34aacca346ad20e0835064366a557bba2e20b
SHA512: 4d376813cb1ede9ad20cac49a8ad8bc83dfaefd13e1326f7710fa357e9c636446c19684641ecf16eaf0e73283895a3fe7fd29fdb12c1f60065d7c9810d256597
SSDEEP: 98304:ZWFsTuRN2zazBLlLvOc1Pgd1Ea0fzsFvOFLyf:ZWFsTuRN2zahf1Y7Efy
Tasks

Static task: static1
Behavioral task: behavioral1
  Sample: 375e9acde29beee941aa2706285f34b1.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 375e9acde29beee941aa2706285f34b1.exe
  Resource: win10v2004-20240611-en
Malware Config

Extracted
Family: redline
Botnet: X
C2: 5.161.190.139:8732
Targets

Target: 375e9acde29beee941aa2706285f34b1.exe (size and hashes as listed under General above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext