General
Target: 310fd2e6a2056c7983afd48b75b5ca88.exe
Size: 995KB
Sample: 210310-3qj7r5ggw2
MD5: 310fd2e6a2056c7983afd48b75b5ca88
SHA1: ddfeb5cbe8b9ae528629fe5e8afea7a7ea8fe570
SHA256: 1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20
SHA512: e60b86a1f38d7062bf1f766bc905abd7605803dc380b077f643d5b3b9c7a5c6710e2d777d2d05a7c3b756da8d87850653f2ef6d236e599287bd316b0039a51fe
Static task: static1

Behavioral task: behavioral1
Sample: 310fd2e6a2056c7983afd48b75b5ca88.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 310fd2e6a2056c7983afd48b75b5ca88.exe
Resource: win10v20201028
Malware Config

Targets
Target: 310fd2e6a2056c7983afd48b75b5ca88.exe
Size: 995KB
MD5: 310fd2e6a2056c7983afd48b75b5ca88
SHA1: ddfeb5cbe8b9ae528629fe5e8afea7a7ea8fe570
SHA256: 1df627a462077149e7a934ea1b758c8fccf34933f340fab14ca8976b4a6a5c20
SHA512: e60b86a1f38d7062bf1f766bc905abd7605803dc380b077f643d5b3b9c7a5c6710e2d777d2d05a7c3b756da8d87850653f2ef6d236e599287bd316b0039a51fe
Modifies WinLogon for persistence
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext