General
- Target: 41c114e52de616504df1cd4137de1ce8.exe
- Size: 187KB
- Sample: 210421-gy3jbt1gys
- MD5: 41c114e52de616504df1cd4137de1ce8
- SHA1: 0579cc93cf8e6dd57e878da1f520499e4a77cf5a
- SHA256: 556c6ec49b714eb7bf9b3d816fd18a8962fb6be756224aa4cf8614e5bd7f0738
- SHA512: 4dd0a49f9e5481cb3d3644604e896bc338021968fbae72d426ec67643759b644cba0f4dac81c7c3fef9a05aeca58171f11d790dc5ef76797bbe99a2e57900634
Static task
- static1
Behavioral tasks
- behavioral1: Sample 41c114e52de616504df1cd4137de1ce8.exe, Resource win7v20210408
- behavioral2: Sample 41c114e52de616504df1cd4137de1ce8.exe, Resource win10v20210410
Malware Config
Three separate RedLine configurations were extracted during analysis, each with its own botnet identifier and command-and-control endpoint (host:port).
Extracted
- Family: redline
- Botnet: 20_4_net
- C2: Sthellete.xyz:80
Extracted
- Family: redline
- Botnet: tor1
- C2: 45.67.228.131:9603
Extracted
- Family: redline
- Botnet: sup
- C2: 23.83.133.165:12639
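To make the extracted configuration actionable, the following Python is an added example and not part of the sandbox report: it parses the three RedLine entries above into botnet/host/port records, matches them against proxy-style log lines, and emits Suricata rules (a TCP rule for IP C2s, a DNS query rule for the domain). The log lines, their whitespace-separated format, and the local sid range starting at 1000000 are constructed assumptions for the demonstration.

```python
"""Added example (not from the sandbox report): turn the RedLine configs
extracted above into network IOCs, match them against log lines and emit
Suricata rules.  CONFIG_TEXT is copied from the report; SAMPLE_LOGS, the
log format and the sid range are constructed assumptions."""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

CONFIG_TEXT = """\
Extracted
redline
20_4_net
Sthellete.xyz:80
Extracted
redline
tor1
45.67.228.131:9603
Extracted
redline
sup
23.83.133.165:12639
"""

# Constructed proxy-style records: <timestamp> <src ip> <dst host or ip> <dst port>
SAMPLE_LOGS = """\
2021-04-21T06:58:11Z 10.0.0.5 www.microsoft.com 443
2021-04-21T06:59:03Z 10.0.0.5 STHELLETE.XYZ 80
2021-04-21T07:00:19Z 10.0.0.7 45.67.228.131 9603
2021-04-21T07:01:44Z 10.0.0.9 23.83.133.165 443
2021-04-21T07:02:05Z 10.0.0.9 update.example.net 80
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<port>\d+)$")


@dataclass(frozen=True)
class C2:
    family: str
    botnet: str
    host: str   # domain or IP, lower-cased for matching
    port: int

    @property
    def is_ip(self) -> bool:
        try:
            ipaddress.ip_address(self.host)
            return True
        except ValueError:
            return False


@dataclass(frozen=True)
class Hit:
    line_no: int
    botnet: str
    port_match: bool   # False = known C2 host contacted on an unexpected port


def parse_configs(text: str) -> list[C2]:
    """Each 'Extracted' block is four lines: marker, family, botnet id, host:port."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 4:
        raise ValueError("config text is not a multiple of four lines")
    out: list[C2] = []
    for i in range(0, len(lines), 4):
        marker, family, botnet, c2 = lines[i:i + 4]
        if marker != "Extracted":
            raise ValueError(f"expected 'Extracted' at line {i + 1}, got {marker!r}")
        host, _, port = c2.rpartition(":")
        out.append(C2(family, botnet, host.lower(), int(port)))
    return out


def ioc_hits(c2s: list[C2], log_text: str) -> list[Hit]:
    """Flag every record whose destination is a known C2 host and report whether
    the port matched too, since operators rotate ports more often than hosts."""
    by_host = {c.host: c for c in c2s}
    hits: list[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than silently match
        c = by_host.get(m["dst"].lower())
        if c is not None:
            hits.append(Hit(n, c.botnet, int(m["port"]) == c.port))
    return hits


def suricata_rules(c2s: list[C2], base_sid: int = 1000000) -> list[str]:
    """IP C2s get a TCP rule on the exact host:port; the domain gets a DNS query
    rule, since its resolved address may change.  Local sid range is assumed."""
    rules = []
    for i, c in enumerate(c2s):
        msg = f'msg:"RedLine C2 ({c.botnet}) {c.host}:{c.port}"'
        sid = f"sid:{base_sid + i}; rev:1;"
        if c.is_ip:
            rules.append(f"alert tcp $HOME_NET any -> {c.host} {c.port} ({msg}; flow:to_server; {sid})")
        else:
            rules.append(f'alert dns $HOME_NET any -> any any ({msg}; dns.query; content:"{c.host}"; nocase; {sid})')
    return rules


if __name__ == "__main__":
    c2s = parse_configs(CONFIG_TEXT)
    for h in ioc_hits(c2s, SAMPLE_LOGS):
        print(f"line {h.line_no}: botnet {h.botnet}, port {'ok' if h.port_match else 'MISMATCH'}")
    print("\n".join(suricata_rules(c2s)))
```

The fourth constructed log line reaches the "sup" C2 host on 443 rather than 12639; it is still reported, with port_match false, because a host-level match on a known RedLine endpoint is worth a look even when the port has moved.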
Targets
- Target: 41c114e52de616504df1cd4137de1ce8.exe (187KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM) so the payload is relaunched at every logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry (Software\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view) to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: SetThreadContext is the API a process-hollowing (RunPE) loader calls to point the primary thread of a suspended child process at an injected image; outside debuggers, benign software rarely calls it, so it is a strong injection indicator.
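The Run-key persistence listed above is what a detection engineer would check for in Sysmon registry events (Event ID 13, value set). The Python below is an added example, not part of the report: it folds the per-user hive (HKU\<SID>) and the WOW6432Node view onto the canonical key path, flags values written under Run or RunOnce, and rates a hit higher when the command points into a user-writable directory. The event lines are constructed and their tab-separated Image/TargetObject/Details layout is an assumption. The Uninstall-key enumeration in the same list is a registry read, which Sysmon does not log, so it is outside what this check can see.

```python
"""Added example (not from the sandbox report): flag Run/RunOnce persistence in
Sysmon registry 'value set' events (Event ID 13).  EVENTS is constructed; the
tab-separated Image/TargetObject/Details layout is an assumption."""
from __future__ import annotations

from dataclasses import dataclass

# Matched against the normalised key path; the trailing backslash keeps "run\"
# from also matching "runonce\" (both are listed explicitly).
RUN_KEYS = (
    "software\\microsoft\\windows\\currentversion\\run\\",
    "software\\microsoft\\windows\\currentversion\\runonce\\",
)
# Directories a standard user can write to; a Run value pointing here is the
# usual shape of stealer/loader persistence.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed Sysmon-style events, one per line.
EVENTS = (
    "EventID=13\tImage=C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe"
    "\tTargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "\tDetails=C:\\Users\\bob\\AppData\\Roaming\\svchost32.exe\n"
    "EventID=13\tImage=C:\\Program Files\\Microsoft OneDrive\\OneDriveSetup.exe"
    "\tTargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive"
    "\tDetails=\"C:\\Users\\bob\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background\n"
    "EventID=13\tImage=C:\\Windows\\System32\\msiexec.exe"
    "\tTargetObject=HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run\\Agent"
    "\tDetails=C:\\Program Files (x86)\\Vendor\\agent.exe\n"
    "EventID=13\tImage=C:\\Windows\\explorer.exe"
    "\tTargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"
    "\tDetails=DWORD (0x00000001)\n"
    "EventID=12\tImage=C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe"
    "\tTargetObject=HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater\n"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    image: str       # process that wrote the value
    value_name: str  # name of the Run value
    command: str     # what will be launched at logon
    severity: str    # "high" if the command lives in a user-writable directory


def parse_event(line: str) -> dict[str, str]:
    """Tab-separated key=value fields (constructed layout)."""
    fields: dict[str, str] = {}
    for part in line.rstrip("\n").split("\t"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key] = value
    return fields


def normalize_key(target: str) -> str:
    """Sysmon logs per-user keys as HKU\\<SID>\\... and 32-bit writes under
    WOW6432Node; fold both onto the canonical path before matching."""
    key = target.lower()
    parts = key.split("\\", 2)
    if key.startswith("hku\\s-1-5-21-") and len(parts) == 3:
        key = "hkcu\\" + parts[2]
    return key.replace("\\wow6432node\\", "\\")


def is_run_key(target: str) -> bool:
    key = normalize_key(target)
    return any(rk in key for rk in RUN_KEYS)


def run_key_findings(events: str) -> list[Finding]:
    out: list[Finding] = []
    for n, line in enumerate(events.splitlines(), 1):
        ev = parse_event(line)
        target = ev.get("TargetObject", "")
        if ev.get("EventID") != "13" or not is_run_key(target):
            continue  # key create/delete (12) or an unrelated key: not a persistence write
        command = ev.get("Details", "")
        severity = "high" if any(d in command.lower() for d in USER_WRITABLE) else "medium"
        out.append(Finding(n, ev.get("Image", ""), target.rsplit("\\", 1)[-1], command, severity))
    return out


if __name__ == "__main__":
    for f in run_key_findings(EVENTS):
        print(f"[{f.severity}] line {f.line_no}: {f.value_name} -> {f.command} (written by {f.image})")
```

The second constructed event is OneDrive, which legitimately installs under AppData and so also rates "high"; that false positive is deliberate, to show that the next step in a real deployment is an allowlist keyed on the writing process's signer or hash rather than on the path alone.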