General
Target: 1014930853.exe
Size: 189KB
Sample: 210428-b5yapsfmye
MD5: d51901e3386120269c6b08fcaa3816e7
SHA1: 6b0a36ce8cb5390d4d53800e4bf5281fb0eb5d7e
SHA256: afd25aff257a6b31a2377b9633a0f4227da3112976c749c34858d85436d0af5a
SHA512: 5639773bca6fdeefe91ca58776758c1abd2a8a67824365dd0140800ddaa3935dcd4568eeebe8163f564e8d3754bce65b339163a230bd7d17b5c6e16eb5c345f5
Static task: static1
Behavioral task: behavioral1 (sample 1014930853.exe, resource win7v20210408)
Behavioral task: behavioral2 (sample 1014930853.exe, resource win10v20210410)
Malware Config
Extracted from the sample's embedded configuration:
Family: redline
Botnet: EUU
C2: download3.info:80
Targets
Target: 1014930853.exe
Size: 189KB
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures matched:
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (the API used by process-hollowing and thread-hijacking injection; on its own it is a heuristic, not proof of injection)
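The hashes under General and the C2 host:port under Malware Config are the indicators a responder would actually hunt with. The script below is an added example, not part of the sandbox report or of any tool it references: it matches hashes from a feed (any of the four algorithms, any case) against the sample, checks a file's SHA256 against the report, and scans flow-log lines for connections to the extracted C2. The flow-log format and the four log lines are constructed for the example and are not from the report.

```python
# Added example (not part of the sandbox report): match files and network
# logs against the IOCs this report lists for the RedLine sample.
# The log format and the log lines below are constructed for the example.
import hashlib
import re

# Hashes and C2 copied from the report.
SAMPLE_HASHES = {
    "md5": "d51901e3386120269c6b08fcaa3816e7",
    "sha1": "6b0a36ce8cb5390d4d53800e4bf5281fb0eb5d7e",
    "sha256": "afd25aff257a6b31a2377b9633a0f4227da3112976c749c34858d85436d0af5a",
    "sha512": "5639773bca6fdeefe91ca58776758c1abd2a8a67824365dd0140800ddaa3935dcd4568eeebe8163f564e8d3754bce65b339163a230bd7d17b5c6e16eb5c345f5",
}
C2_HOST = "download3.info"
C2_PORT = 80

# Digest length identifies the algorithm a feed used: 32/40/64/128 hex chars.
_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def match_hash(digest: str):
    """Return the algorithm name if `digest` is one of the sample's hashes, else None.

    Case and surrounding whitespace are normalised so feeds that publish
    upper-case hashes still match.
    """
    d = digest.strip().lower()
    algo = _LEN_TO_ALGO.get(len(d))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", d):
        return None
    return algo if d == SAMPLE_HASHES[algo] else None


def matches_sample(data: bytes) -> bool:
    """True if `data` hashes to the report's SHA256 (the strongest listed digest)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"]


# Constructed flow-log format: "<ts> <src_ip> -> <dst_ip>:<dst_port> host=<resolved name>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+host=(?P<host>\S+)"
)


def find_c2_hits(lines):
    """Return (timestamp, source ip, dst port) for every connection to the C2 host.

    Any port is reported, because the name alone is the indicator; the port is
    kept so hits on the configured port (80) can be prioritised.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        host = m.group("host").lower().rstrip(".")  # tolerate an FQDN trailing dot
        host = host.split(":", 1)[0]                # some logs append :port to the name
        if host == C2_HOST:
            hits.append((m.group("ts"), m.group("src"), int(m.group("port"))))
    return hits


# Constructed sample log: one hit on the configured port, one on another port,
# one unrelated host, and one malformed line.
SAMPLE_LOG = """\
2021-04-28T10:12:03Z 10.0.0.15 -> 203.0.113.10:80 host=DOWNLOAD3.INFO.
2021-04-28T10:12:04Z 10.0.0.16 -> 203.0.113.10:443 host=download3.info
2021-04-28T10:12:05Z 10.0.0.17 -> 198.51.100.7:80 host=example.com
garbage line that should be ignored
"""


if __name__ == "__main__":
    print(match_hash("D51901E3386120269C6B08FCAA3816E7"))
    for ts, src, port in find_c2_hits(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} -> {C2_HOST}:{port}{'  (configured C2 port)' if port == C2_PORT else ''}")
```

RedLine is known to use a WCF net.tcp channel for C2, so a port-80 destination is not necessarily HTTP and may never appear in a web-proxy log; match the name in DNS logs and the host:port in firewall or flow logs instead. The hash match is useful for retro-hunting only: a repacked build of the same stealer changes every digest, so pair it with the C2 indicator rather than relying on it alone.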