General

Target: eeb397bd859f7efb9e507c0878562cd1.exe
Size: 995KB
Sample: 210502-gt3ysvlywx
MD5: eeb397bd859f7efb9e507c0878562cd1
SHA1: f2933d4df487ff310ff6e755884f2baf14404f5b
SHA256: 8c2bcfb8657193f893a95fac8d90cabad1b35ed4ed2402dc717523ef255b9e2e
SHA512: 9c8e1567621e81535d921ac2a0fabb468d8d7aa83bb793851c9434a49e7f7b9d62d21bad9646220be241f9c9b67858dc99af9d1e09affe3753a2d2496598dacd

Static task: static1
Behavioral task: behavioral1
Sample: eeb397bd859f7efb9e507c0878562cd1.exe
Resource: win7v20210410

Malware Config
Extracted: redline
2.05.111M
redworksite.info:80
Targets

Target: eeb397bd859f7efb9e507c0878562cd1.exe
Size: 995KB
MD5: eeb397bd859f7efb9e507c0878562cd1
SHA1: f2933d4df487ff310ff6e755884f2baf14404f5b
SHA256: 8c2bcfb8657193f893a95fac8d90cabad1b35ed4ed2402dc717523ef255b9e2e
SHA512: 9c8e1567621e81535d921ac2a0fabb468d8d7aa83bb793851c9434a49e7f7b9d62d21bad9646220be241f9c9b67858dc99af9d1e09affe3753a2d2496598dacd
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
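The three behavioural signatures above (Uninstall-key enumeration, suspicious SetThreadContext, and the extracted C2 host:port) are what a sandbox derives from the sample's API-call trace. The following is an added example, not output from the sandbox or code from the RedLine sample, of how such signatures are matched. The trace is constructed by hand to mirror the listed behaviours; the record layout (pid, API name, argument dict), the handle and thread names, and the child image path are assumptions, while CREATE_SUSPENDED (0x4) and the Uninstall key path are the real Windows values. SetThreadContext is only flagged in the process-hollowing shape (suspended child, memory written by the parent, then the child's thread context rewritten), because debuggers and launchers also call it legitimately.

```python
"""Added example: sandbox-style behavioural signatures over an API-call trace.

Nothing here is output from the sandbox or code from the RedLine sample. The
trace is constructed by hand to mirror the three behaviours the report lists,
and the record layout (pid, api name, argument dict) is an assumption.
"""
from dataclasses import dataclass

CREATE_SUSPENDED = 0x00000004          # real CreateProcess dwCreationFlags bit
UNINSTALL_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"


@dataclass
class Call:
    pid: int     # process that made the call
    api: str     # API name as a sandbox hook would record it
    args: dict   # selected arguments / results (assumed field names)


# Constructed trace: pid 1000 is the sample, pid 2000 a child it spawns.
TRACE = [
    Call(1000, "RegOpenKeyExW", {"hKey": "HKLM", "subkey": UNINSTALL_KEY, "result": "h1"}),
    Call(1000, "RegEnumKeyExW", {"hKey": "h1", "index": 0, "name": "7-Zip"}),
    Call(1000, "RegEnumKeyExW", {"hKey": "h1", "index": 1, "name": "Google Chrome"}),
    Call(1000, "CreateProcessW", {"image": r"C:\placeholder\child.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 2000,
                                  "thread": "t2000"}),
    Call(1000, "WriteProcessMemory", {"pid": 2000, "size": 0x5000}),
    Call(1000, "SetThreadContext", {"thread": "t2000"}),
    Call(1000, "ResumeThread", {"thread": "t2000"}),
    Call(2000, "connect", {"host": "redworksite.info", "port": 80}),
]

# Constructed control: a suspended child whose context is changed without any
# memory being written into it first (what a debugger or launcher might do).
BENIGN_TRACE = [
    Call(3000, "CreateProcessW", {"image": r"C:\placeholder\child.exe",
                                  "flags": CREATE_SUSPENDED, "child_pid": 3001,
                                  "thread": "t3001"}),
    Call(3000, "SetThreadContext", {"thread": "t3001"}),
    Call(3000, "ResumeThread", {"thread": "t3001"}),
]


def check_installed_software(trace):
    """'Checks installed software': a handle opened on an Uninstall key is then
    walked with RegEnumKeyEx. Returns {(pid, handle): entries enumerated}."""
    opened = {}
    for c in trace:
        if c.api == "RegOpenKeyExW" and c.args["subkey"].lower().endswith("uninstall"):
            opened[(c.pid, c.args["result"])] = 0
        elif c.api == "RegEnumKeyExW" and (c.pid, c.args["hKey"]) in opened:
            opened[(c.pid, c.args["hKey"])] += 1
    return {k: n for k, n in opened.items() if n > 0}


def suspicious_setthreadcontext(trace):
    """'Suspicious use of SetThreadContext': the hollowing sequence, i.e. a
    process creates a child suspended, writes into it, then rewrites the
    child's primary-thread context. Returns [(parent_pid, child_pid), ...].
    SetThreadContext on its own is not flagged (debuggers use it too)."""
    suspended = {}   # thread handle -> (parent pid, child pid)
    written = set()  # (writer pid, target pid)
    hits = []
    for c in trace:
        if c.api == "CreateProcessW" and c.args["flags"] & CREATE_SUSPENDED:
            suspended[c.args["thread"]] = (c.pid, c.args["child_pid"])
        elif c.api == "WriteProcessMemory":
            written.add((c.pid, c.args["pid"]))
        elif c.api == "SetThreadContext" and c.args["thread"] in suspended:
            parent, child = suspended[c.args["thread"]]
            if c.pid == parent and (parent, child) in written:
                hits.append((parent, child))
    return hits


def c2_contacts(trace, host, port):
    """PIDs that connect to the host:port taken from the extracted config."""
    return [c.pid for c in trace
            if c.api == "connect" and c.args["host"] == host and c.args["port"] == port]


def run_report(trace):
    """Collapse the three checks into a verdict dict like the report's signature list."""
    return {
        "checks_installed_software": bool(check_installed_software(trace)),
        "suspicious_setthreadcontext": suspicious_setthreadcontext(trace),
        "c2_contact_pids": c2_contacts(trace, "redworksite.info", 80),
    }


if __name__ == "__main__":
    for name, t in (("sample", TRACE), ("control", BENIGN_TRACE)):
        print(name, run_report(t))
```

Running it prints a hit on all three checks for the constructed sample trace and none for the control, which illustrates the caveat behind the word "suspicious" in the report: the API alone is not the indicator, the sequence around it is. Note that the C2 check only fires because the connection is attributed to the hollowed child (pid 2000), so a detection that keys only on the parent's own network activity would miss it.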