General
-
Target
eea2e0d879ab44e51905b09180034dda.exe
-
Size
7.6MB
-
Sample
210303-wcqxhy1yea
-
MD5
eea2e0d879ab44e51905b09180034dda
-
SHA1
75a4828f2005b89eb42a42ff304d23ca4e627bc2
-
SHA256
afc5d1c659bc8b4d23ab16bd112dce9bcdada2d17f7bcbc589290cbb8cb281c3
-
SHA512
28b571490a776385a285d8799c2f950fad49356f3e7fa603fea3409bc6b7ca0323479eb5a7a2238326f17794c5c25a5381cf037b89ead267123932a90c3da09a
Static task
static1
Behavioral task
behavioral1
Sample
eea2e0d879ab44e51905b09180034dda.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
eea2e0d879ab44e51905b09180034dda.exe
-
Size
7.6MB
-
MD5
eea2e0d879ab44e51905b09180034dda
-
SHA1
75a4828f2005b89eb42a42ff304d23ca4e627bc2
-
SHA256
afc5d1c659bc8b4d23ab16bd112dce9bcdada2d17f7bcbc589290cbb8cb281c3
-
SHA512
28b571490a776385a285d8799c2f950fad49356f3e7fa603fea3409bc6b7ca0323479eb5a7a2238326f17794c5c25a5381cf037b89ead267123932a90c3da09a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-