General
Target: trainer v5.1.3.exe
Size: 1.5MB
Sample: 210421-24bwjske7j
MD5: d411460e9cf04cd64bdc25345bc9783b
SHA1: 3374f053e1b9d40558c65bd363a3bae336a76cc8
SHA256: d47a34d18de0c08fa32f88fabb0123de6521b20f21a955f050c019a89360acb8
SHA512: 8b8b8b9054daedd9f39682ab3d44f757f28085e028e4b666bca17a997e61c48b52cadbfefb851da0b4b4d2979ecd399f55e74bc0c9dd29b44cc26022fb26bd07
Static task: static1
Behavioral task: behavioral1 (sample: trainer v5.1.3.exe, resource: win10v20210410)
Behavioral task: behavioral2 (sample: trainer v5.1.3.exe, resource: win10v20210410)
Behavioral task: behavioral3 (sample: trainer v5.1.3.exe, resource: win10v20210410)
Behavioral task: behavioral4 (sample: trainer v5.1.3.exe, resource: win10v20210408)
Behavioral task: behavioral5 (sample: trainer v5.1.3.exe, resource: win7v20210410)
Malware Config
Extracted: redline
Studio Product
93.114.128.190:49966
Targets
Target: trainer v5.1.3.exe
Size: 1.5MB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext