General
- Target: c06b71d7e3dc65653794fa2ff0759f2a.exe
- Size: 427KB
- Sample: 210422-qhng999rye
- MD5: c06b71d7e3dc65653794fa2ff0759f2a
- SHA1: 1de6518d879b92e741cb118b2aba46dc160808ca
- SHA256: dfecf9c450e683be8d6f11c2bd18c6c636d51824f78e7fc6d3b6e30f7ce93a3d
- SHA512: 2471abf3f2d48fa05d28060159a613f0b2843c2349ca827d8f3c94e37b0fd5dac1f06b51cdf5482b414836df6276f80d7821815692378da5b3b2ca5b417c156c

Static task
- static1

Behavioral task
- behavioral1
- Sample: c06b71d7e3dc65653794fa2ff0759f2a.exe
- Resource: win7v20210410

Malware Config
- Extracted: redline
  - 04-16-cr1
  - drerink.xyz:80

Targets
- Target: c06b71d7e3dc65653794fa2ff0759f2a.exe (427KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine Payload
  - Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext