General
Target: DraftBl10101.exe
Size: 511KB
Sample: 240701-xhgewstdlc
MD5: 76329ae46cc8e0f01ef274425f835369
SHA1: 6ca774a4ba2e9c2da560df093e4adeb1ae1d30a4
SHA256: 2639ce69da59a31b16e2d969fc39946986f67ca2c0cbb7b712e20c1bcb2ba785
SHA512: 83f7a1e71f0ec5118840dd5809da420329cbe85009266766a58ae8a75b7546b4c23b677eca99b7bb45aa9b083841426cd17ee6cd3fc63c61ece44d6f8b275821
SSDEEP: 12288:+0NbavSR5o04KEIPEqqGBZksOMLV1Ijy:LCz04KEIG2Zko51
Static task: static1
Behavioral task: behavioral1
Sample: DraftBl10101.exe
Resource: win7-20240220-en
Malware Config
Extracted
Family: redline
Botnet: 01/07
C2: 147.124.209.128:7847
The extracted configuration gives a single C2 endpoint, an IP and port with no domain, so this is the only network indicator the report supports.
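The hashes in the General section and the C2 endpoint in the extracted config are the only indicators this report provides. The following is an added example, not part of the report or of the sandbox's own tooling, showing how a responder would sweep for both: exact-match file hashing against the four digests listed above, and a scan of connection logs for the C2 IP:port pair. The log format (`timestamp src:port -> dst:port`) is an assumption for illustration and the log lines and file bytes are constructed; the SSDEEP value is not compared because fuzzy matching needs the non-standard ssdeep library.

```python
import hashlib
import re

# IOCs copied from the report above (the only identifiers the page supplies).
REPORT_HASHES = {
    "md5": "76329ae46cc8e0f01ef274425f835369",
    "sha1": "6ca774a4ba2e9c2da560df093e4adeb1ae1d30a4",
    "sha256": "2639ce69da59a31b16e2d969fc39946986f67ca2c0cbb7b712e20c1bcb2ba785",
    "sha512": "83f7a1e71f0ec5118840dd5809da420329cbe85009266766a58ae8a75b7546b4c23b677eca99b7bb45aa9b083841426cd17ee6cd3fc63c61ece44d6f8b275821",
}
C2_IP = "147.124.209.128"
C2_PORT = 7847


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, so any one of them can be matched."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes, known: dict = REPORT_HASHES) -> list:
    """Return the names of the digests of `data` that equal the known values.

    One matching digest is enough to confirm the file is this build. An empty
    list means this exact sample was not found; a repacked variant will not match
    any of these exact hashes.
    """
    ours = hash_bytes(data)
    return [name for name, value in ours.items()
            if known.get(name, "").lower() == value]


# Assumed connection-record layout: "<timestamp> <src>:<sport> -> <dst>:<dport>".
# Adapt the pattern to the firewall or proxy export actually in use.
CONN_RE = re.compile(
    r"(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)"
    r"\s*->\s*(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def scan_connection_log(lines, c2_ip=C2_IP, c2_port=C2_PORT) -> list:
    """Return (timestamp, source_ip) for every connection to the report's C2.

    The port is checked together with the IP: the config gives exactly one
    IP:port pair, and a hit on the IP alone could be unrelated traffic to a
    shared host.
    """
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue  # not a connection record; skip rather than guess
        if m["dst"] == c2_ip and int(m["dport"]) == c2_port:
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    # Constructed inputs: a harmless byte string (will not match) and four log lines.
    sample_file = b"MZ\x90\x00 constructed placeholder, not the real sample\n"
    print("hash matches:", matches_report(sample_file))

    sample_log = [
        "2024-07-01T10:00:01Z 10.0.0.5:51234 -> 147.124.209.128:7847",
        "2024-07-01T10:00:02Z 10.0.0.5:51235 -> 147.124.209.128:443",
        "2024-07-01T10:00:03Z 10.0.0.7:40001 -> 93.184.216.34:80",
        "not a connection record at all",
    ]
    for ts, src in scan_connection_log(sample_log):
        print(f"C2 contact at {ts} from {src}")
```

Only the first log line is reported: the second reaches the C2 host on a different port and is left for analyst review rather than flagged as a match.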
Targets
Target: DraftBl10101.exe
Size: 511KB
MD5: 76329ae46cc8e0f01ef274425f835369
SHA1: 6ca774a4ba2e9c2da560df093e4adeb1ae1d30a4
SHA256: 2639ce69da59a31b16e2d969fc39946986f67ca2c0cbb7b712e20c1bcb2ba785
SHA512: 83f7a1e71f0ec5118840dd5809da420329cbe85009266766a58ae8a75b7546b4c23b677eca99b7bb45aa9b083841426cd17ee6cd3fc63c61ece44d6f8b275821
SSDEEP: 12288:+0NbavSR5o04KEIPEqqGBZksOMLV1Ijy:LCz04KEIG2Zko51
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system. Legitimate installers and inventory tools read the same key, so on its own this is a low-fidelity indicator.
Suspicious use of SetThreadContext: changing another thread's context is a building block of process hollowing and related code-injection techniques. The report does not identify the process whose thread was modified.