General
Target: c7dc028b47ab92ca5453f939825cf367.exe
Size: 191KB
Sample: 210418-7vn9cx3tw2
MD5: c7dc028b47ab92ca5453f939825cf367
SHA1: e13033f7711de668b09ca555df985cb62e56d12e
SHA256: 9f34d20254c87d8f9c732df75eb5b707c41fd6cd5153f5e4733a0126ed304f0d
SHA512: 49f9db82dbc9be1a00605d20c576dd56284cb734e4468bb693506112f0b03ca4c8f204b1d3a41c6527779e8871b182975477cf996567a4617eae695053f0fd0a
Static task: static1
Behavioral task: behavioral1
  Sample: c7dc028b47ab92ca5453f939825cf367.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: c7dc028b47ab92ca5453f939825cf367.exe
  Resource: win10v20210410
Malware Config
Targets
Target: c7dc028b47ab92ca5453f939825cf367.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Turns off Windows Defender SpyNet reporting (SpyNet is the Microsoft Active Protection Service, i.e. Defender's cloud reporting; disabling it keeps the sample's activity from being reported to Microsoft)
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger (the ThreadHideFromDebugger information class is an anti-debugging measure: an attached debugger no longer receives events from that thread)
- Suspicious use of SetThreadContext (an API commonly seen in process injection; the report lists it alongside "Executes dropped EXE" but does not itself name a target process)