General
Target: 11d0aea48bf2b268941cfcac15a9909b.exe
Size: 1.1MB
Sample: 210420-x1y88ecn1s
MD5: 11d0aea48bf2b268941cfcac15a9909b
SHA1: e64488ef09cc7657e7e632edb7f75d36d95cf11d
SHA256: ee003e3fb0419a3a8e1c47c66f2001c7bdbf72fb8a829193c2298e2f1309ca6f
SHA512: d3266f6fa28ed73456e4159fb6ea5d592162a7afce289cb617cd138d47684c7877a4434d14dd1c57e333a3c5f29608db8d7e45ec2d74bd4bbce8597b3eb2a186

Static task: static1
Behavioral task: behavioral1
Sample: 11d0aea48bf2b268941cfcac15a9909b.exe
Resource: win7v20210408

Malware Config
Extracted
- redline
- version_4
- 135.125.166.131:60294
Targets
Target: 11d0aea48bf2b268941cfcac15a9909b.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext