General
- Target: 3fa383ee84580d83880217fd61449698.exe
- Size: 418KB
- Sample: 210422-7nrblwhgms
- MD5: 3fa383ee84580d83880217fd61449698
- SHA1: aa78a35156892e68d6a0e93ff3f34c30faea0c1f
- SHA256: 08fa32b60c3a2d7c71e3be07021113e25eb9d13a79b34734f69efb341a88604f
- SHA512: 4b41615d89efe3cf63f680481e09003d67716c7b45c4ad3d02944e720a900008db166c5bc604f1dacbc5b6c0231b008c2825ceaf89408866a3223c18c038d265
Static task: static1
Behavioral task: behavioral1
- Sample: 3fa383ee84580d83880217fd61449698.exe
- Resource: win7v20210408
Malware Config
Extracted: redline
- Botnet ID: v1
- C2: 199.195.251.96:43073
Extracted: redline
- Botnet ID: PHO
- C2: 87.251.71.8:80
Targets
- Target: 3fa383ee84580d83880217fd61449698.exe (418KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
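The hashes and the two extracted C2 endpoints are what a defender takes away from this report. The block below is an added example, not part of the sandbox report or of any RedLine tooling, that turns them into two checks: matching a file's digests against the report's hashes (case-insensitively, since IOC feeds mix hex case), and scanning connection logs for the C2 hosts. The reading of the extracted fields as botnet ID plus C2 host:port is an assumption about the report layout; the log line format and the 10.0.0.x / 203.0.113.x addresses are constructed for the example.

```python
"""Operationalise the indicators in this report: file hashes and RedLine C2s.
Added example; the log lines below are constructed, not sandbox output."""
import hashlib
import re

# Copied from the report above.
SAMPLE_HASHES = {
    "md5": "3fa383ee84580d83880217fd61449698",
    "sha1": "aa78a35156892e68d6a0e93ff3f34c30faea0c1f",
    "sha256": "08fa32b60c3a2d7c71e3be07021113e25eb9d13a79b34734f69efb341a88604f",
    "sha512": "4b41615d89efe3cf63f680481e09003d67716c7b45c4ad3d02944e720a900008db166c5bc604f1dacbc5b6c0231b008c2825ceaf89408866a3223c18c038d265",
}
# Extracted config entries read as botnet ID -> (C2 host, port). Treating the
# first field as the botnet ID is an assumption about the report's layout.
REDLINE_C2 = {
    "v1": ("199.195.251.96", 43073),
    "PHO": ("87.251.71.8", 80),
}


def file_digests(data: bytes) -> dict:
    """The four digests the report lists, computed over a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matching_algorithms(data: bytes, known: dict = SAMPLE_HASHES) -> list:
    """Digest algorithms for which `data` matches the known hashes. Hex is
    compared case-insensitively because IOC feeds mix upper- and lower-case."""
    got = file_digests(data)
    return [alg for alg, h in known.items() if got.get(alg) == h.strip().lower()]


# Constructed firewall lines (RFC 1918 / RFC 5737 addresses, not real traffic).
SAMPLE_LOG = [
    "2021-04-22T09:14:03Z allow 10.0.0.17 -> 203.0.113.5:443",
    "2021-04-22T09:14:09Z allow 10.0.0.17 -> 199.195.251.96:43073",
    "2021-04-22T09:15:40Z allow 10.0.0.23 -> 87.251.71.8:80",
    "2021-04-22T09:15:41Z allow 10.0.0.23 -> 87.251.71.8:8080",
    "2021-04-22T09:15:42Z deny  10.0.0.23 -> 203.0.113.9:43073",
    "heartbeat line with no connection",
]
CONN = re.compile(r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> "
                  r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def scan_connections(lines, c2=REDLINE_C2):
    """Flag connections to a listed C2 host. The key is the destination IP
    alone: 87.251.71.8 listens on port 80, which would vanish into normal web
    traffic if the port were part of the key, and ports change between builds.
    The port seen is still recorded so an analyst can compare it to the report."""
    by_ip = {ip: (bid, port) for bid, (ip, port) in c2.items()}
    hits = []
    for n, line in enumerate(lines, 1):
        m = CONN.search(line)
        if not m or m["dst"] not in by_ip:
            continue
        bid, port = by_ip[m["dst"]]
        hits.append({
            "line": n,
            "src": m["src"],
            "botnet": bid,
            "dst_port": int(m["port"]),
            "port_as_reported": int(m["port"]) == port,
        })
    return hits


if __name__ == "__main__":
    for h in scan_connections(SAMPLE_LOG):
        print(h)
```

Only the two hosts in the report are matched; the line to 203.0.113.9 on the same port as the v1 C2 is a deliberate negative control, and the 87.251.71.8:8080 line shows why the destination IP, not the IP:port pair, is the match key.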
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020 and sold as malware-as-a-service. It collects browser credentials and cookies, cryptocurrency wallet files and system information and sends them to the C2 address carried in its configuration; the two endpoints listed under Malware Config above are the C2s extracted from this sample.

Signatures:
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets; possible credential harvesting
- Checks installed software on the system: looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW64 counterparts) to enumerate the software installed on the host.
- Suspicious use of NtSetInformationThreadHideFromDebugger: NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11) stops the kernel delivering debug events for the calling thread, a common anti-debugging technique.
- Suspicious use of SetThreadContext: overwrites a thread's register state. Combined with a process created suspended and WriteProcessMemory, it is the usual process-hollowing pattern for running a payload inside another process.
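The last three signatures name concrete, checkable API behaviour. As an added example, not the sandbox's own detection logic, the block below re-derives those three verdicts from an API-call trace, including the handle tracking needed to tell a real Uninstall-key enumeration from a single key open. The trace lines, their `pid api(name=value, ...)` format, and the TargetPid field (standing in for the handle-to-process resolution a sandbox performs internally) are constructed for the example.

```python
"""Re-derive three of the report's behavioural signatures from an API-call trace.
Added example; the trace format and lines are constructed, not sandbox output."""
import re

# THREADINFOCLASS value ThreadHideFromDebugger: the kernel stops delivering
# debug events for the thread, so an attached debugger loses it.
THREAD_HIDE_FROM_DEBUGGER = 0x11
# HKLM, HKCU and the WOW64 view of the Uninstall key all share this suffix,
# so match on the suffix, case-insensitively.
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"

# Constructed trace: "<pid> <api>(<name>=<value>, ...)". TargetPid is assumed
# to be filled in by the tracer after resolving the handle; real sandboxes do
# this internally and differ in how they expose it.
TRACE = [
    r"1844 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, Length=0)",
    r"1844 NtSetInformationThread(ThreadHandle=0x1c4, ThreadInformationClass=0x2, Length=4)",
    r"1844 RegOpenKeyExW(hKey=HKEY_LOCAL_MACHINE, lpSubKey=SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, phkResult=0x2a8)",
    r"1844 RegEnumKeyExW(hKey=0x2a8, dwIndex=0, lpName=7-Zip)",
    r"1844 RegEnumKeyExW(hKey=0x2a8, dwIndex=1, lpName=Google Chrome)",
    r"1844 CreateProcessW(lpApplicationName=C:\Users\Admin\AppData\Local\Temp\dropped.exe, dwCreationFlags=0x4)",
    r"1844 WriteProcessMemory(hProcess=0x2c0, TargetPid=2032, lpBaseAddress=0x400000, nSize=212992)",
    r"1844 SetThreadContext(hThread=0x2c4, TargetPid=2032)",
    r"2032 SetThreadContext(hThread=0xfffffffe, TargetPid=2032)",
    r"garbage line the tracer could not decode",
]

LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")
ARG = re.compile(r"(\w+)=([^,)]*)")


def parse(line):
    """Split one trace line into pid, api name and an argument dict;
    None if the line does not have the expected shape."""
    m = LINE.match(line.strip())
    if not m:
        return None
    args = {k: v.strip() for k, v in ARG.findall(m["args"])}
    return {"pid": int(m["pid"]), "api": m["api"], "args": args}


def to_int(text):
    """Parse decimal or 0x-hex; None for symbolic values like HKEY_LOCAL_MACHINE."""
    try:
        return int(text, 0)
    except (TypeError, ValueError):
        return None


def match_signatures(lines):
    """Return {signature name: [evidence]} for the three signatures."""
    hits = {
        "Suspicious use of NtSetInformationThreadHideFromDebugger": [],
        "Suspicious use of SetThreadContext": [],
        "Checks installed software on the system": [],
    }
    uninstall_handles = set()  # registry handles opened on an Uninstall key
    for n, line in enumerate(lines, 1):
        ev = parse(line)
        if ev is None:
            continue
        api, a, pid = ev["api"], ev["args"], ev["pid"]

        if api in ("NtSetInformationThread", "ZwSetInformationThread") and \
                to_int(a.get("ThreadInformationClass")) == THREAD_HIDE_FROM_DEBUGGER:
            hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(n)

        if api in ("SetThreadContext", "Wow64SetThreadContext", "NtSetContextThread"):
            target = to_int(a.get("TargetPid"))
            # Rewriting a thread in another process is the hollowing/injection
            # pattern; on the caller's own thread it is far less telling.
            scope = "remote" if target not in (None, pid) else "self"
            hits["Suspicious use of SetThreadContext"].append((n, scope))

        if api.startswith("RegOpenKey") or api.startswith("RegCreateKey"):
            if a.get("lpSubKey", "").lower().rstrip("\\").endswith(UNINSTALL_KEY):
                uninstall_handles.add(a.get("phkResult"))
                hits["Checks installed software on the system"].append((n, "open"))
        elif api.startswith("RegEnumKey") and a.get("hKey") in uninstall_handles:
            hits["Checks installed software on the system"].append((n, "enum"))
    return hits


def fired(hits):
    """Names of signatures with evidence. The software check needs an actual
    enumeration through a handle to the Uninstall key, not just an open."""
    out = []
    for name, ev in hits.items():
        if name.startswith("Checks installed software"):
            if any(kind == "enum" for _, kind in ev):
                out.append(name)
        elif ev:
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    for name in fired(match_signatures(TRACE)):
        print(name)
```

The handle set is what makes the software check meaningful: RegEnumKeyExW carries only a handle, so the open that produced it has to be remembered. Handle reuse after RegCloseKey is not modelled here; a production matcher would drop the handle on close.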