General
Target: 1d1702af89bb5cc9e1ba10e87aaa0a4cc593a21e.zip
Size: 43KB
Sample: 240701-lcs1ysxarq
MD5: 78201549f0476a8ff25d3cc1feac7aae
SHA1: 64d7d6a229f5a4af3076d8756a9034f24c83816d
SHA256: 83086e445c0ee419e722fbadcee58be0bc0029aefa9beaa6ca618c0d04444237
SHA512: f5afe9df789047f40ec20ba98a2fa3b0de416d5b467d9918b3ac57f59faf9bc15cf332addfd3cc94cb85cc2b2a936df13024c6fb22f68362d30509da8cea8e08
SSDEEP: 768:9Ow7bHvETmNApGo11w5kCyJ2Y+OrE1Ab2CxAfagUBzN7rUaUFMwW:9HHv3AfwTyTRo1AiHagURRrUaUFMh
Static task: static1
Behavioral task: behavioral1
  Sample: Nichiden Viet Nam - RFQ List & Specification.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: Nichiden Viet Nam - RFQ List & Specification.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted
redline
foz
79.110.62.113:1912
Targets
Target: Nichiden Viet Nam - RFQ List & Specification.exe
Size: 184KB
MD5: 5a5469ff7562aa34384f44eee04643e1
SHA1: d894b3eb2d2cc3bcebfec296fbf5457cdd77a4b0
SHA256: 64b9457cd80939e1e02d22607e1faae7787d60cc8ccff068f1b0ab2b2c1b8057
SHA512: 51b9e53654e79a14e57e03200b38285f4218c62d68929cfecbeb02296386f2266edc324e619925d981de0e9285c2a5acbba1126dfa0d1d484e1627c438ce5aec
SSDEEP: 1536:AfLsxO9kR8Bx09kANXrA32aF5D1osgrvzsVxI:xO9KUTF3LFx1osMveI
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext