General

Target: c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe
Size: 135KB
Sample: 210503-4zpmewyhds
MD5: a8c90b03aa400acb0a7a97e6844ffff4
SHA1: 2c1e9e53b0f3a8f0595b0e0eb845d3d23e38d242
SHA256: c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892ec5d750d94e68e4c108
SHA512: bb9fa35a4b8e0d3553bc214b1f6a4e076c830cf8e2fbe7fff44a3120c91a9f543c7fffe2ecaab466f96f18c9baec31cda454ab8f6e6b580575c088eda9239642
Static task: static1
Behavioral task: behavioral1 (sample c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe, resource win10v20210410)
Malware Config

Extracted
Family: redline
Botnet: good_md
C2: 188.119.112.16:41392
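The hashes and the extracted C2 above are the indicators an analyst actually takes away from a run like this. The following is an added example (not part of the sandbox report) showing how to use them: it recomputes the four digests for a candidate file and compares them against the report, splits the C2 string into a validated host and port, and runs that C2 over a handful of constructed, key=value network events to find which process talked to it. The log lines, pids and image paths are made up for the example; only the hashes and the C2 come from the report.

```python
import hashlib
import ipaddress

# Indicators copied from the report above (the sample's hashes and the
# extracted RedLine C2). Everything else in this block is constructed.
REPORT_HASHES = {
    "md5": "a8c90b03aa400acb0a7a97e6844ffff4",
    "sha1": "2c1e9e53b0f3a8f0595b0e0eb845d3d23e38d242",
    "sha256": "c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892ec5d750d94e68e4c108",
    "sha512": "bb9fa35a4b8e0d3553bc214b1f6a4e076c830cf8e2fbe7fff44a3120c91a9f54"
              "3c7fffe2ecaab466f96f18c9baec31cda454ab8f6e6b580575c088eda9239642",
}
REPORT_C2 = "188.119.112.16:41392"


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest matches; a single mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' and validate both parts (raises ValueError on garbage)."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError("C2 must be host:port: %r" % c2)
    ipaddress.ip_address(host)          # raises ValueError if not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError("bad port: %r" % port)
    return host, port_num


# Constructed network events (hypothetical; not from the sandbox run),
# one 'key=value' record per line.
CONSTRUCTED_NETWORK_LOG = [
    "ts=2021-05-03T04:12:01Z pid=1337 image=C:\\Windows\\explorer.exe dst=52.96.0.1 dport=443",
    "ts=2021-05-03T04:12:07Z pid=4120 image=C:\\Users\\user\\Desktop\\sample.exe dst=188.119.112.16 dport=41392",
    "ts=2021-05-03T04:12:09Z pid=4120 image=C:\\Users\\user\\Desktop\\sample.exe dst=188.119.112.16 dport=443",
]


def find_c2_connections(log_lines, c2: str = REPORT_C2, host_only: bool = False) -> list:
    """Return the pids that connected to the C2.

    By default both host and port must match; host_only=True also catches
    a connection to the same host on another port.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        if fields.get("dst") != host:
            continue
        if host_only or int(fields.get("dport", -1)) == port:
            hits.append(int(fields["pid"]))
    return hits


if __name__ == "__main__":
    print("hashes match report:", matches_report(b"not the real sample"))
    print("C2 hits:", find_c2_connections(CONSTRUCTED_NETWORK_LOG))
```

Matching on host and port is the precise check; the host_only switch is there because a stealer that fails its first connection may retry the same host on a different port, so a blocklist entry for 188.119.112.16 alone is usually the safer hunting query.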
Targets

Target: c89928a29ebf0c8c2acd7d9a457236e15d1a604d5c892.exe (135KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state, including its instruction pointer. On its own it has legitimate users (debuggers), so the signature is only meaningful in context: together with a child process created suspended, a WriteProcessMemory into that child and a ResumeThread, it is the classic process-hollowing sequence used to start the payload inside a benign-looking host process.
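The SetThreadContext signature is worth a detection rule only when it is tied to the rest of the hollowing chain. The block below is an added example (not the sandbox's own signature logic) of that idea: it walks a constructed API-call trace in call order and reports a (caller, target) pair only after it has seen a CREATE_SUSPENDED process creation, a write into that process, a SetThreadContext on it and a ResumeThread, in that order. The trace, the pids and the benign debugger-style entry are all made up; the API names and the CREATE_SUSPENDED flag value are the real Win32/Nt ones.

```python
# Constructed API-call trace (hypothetical; not taken from the sandbox run).
# Each record: (caller pid, API name, target pid, flags passed to the call).
CREATE_SUSPENDED = 0x00000004

CONSTRUCTED_API_TRACE = [
    (4120, "CreateProcessW", 4388, CREATE_SUSPENDED),  # child started suspended
    (4120, "VirtualAllocEx", 4388, 0),
    (4120, "WriteProcessMemory", 4388, 0),             # payload written into child
    (4120, "SetThreadContext", 4388, 0),               # entry point redirected
    (4120, "ResumeThread", 4388, 0),                   # child runs the payload
    (2200, "CreateProcessW", 2310, 0),                 # normal spawn, not suspended
    (2200, "SetThreadContext", 2310, 0),               # e.g. a debugger; benign here
]

# Ordered stages of the hollowing chain; each stage accepts the Win32 or Nt name.
HOLLOWING_CHAIN = [
    {"CreateProcessA", "CreateProcessW"},
    {"WriteProcessMemory", "NtWriteVirtualMemory"},
    {"SetThreadContext", "NtSetContextThread"},
    {"ResumeThread", "NtResumeThread"},
]


def detect_hollowing(trace) -> list:
    """Return (caller pid, target pid) pairs that completed the chain in order.

    A lone SetThreadContext is not reported: the stage machine only advances
    from a CREATE_SUSPENDED spawn, so debuggers and other legitimate callers
    that never wrote a payload into a suspended child do not match. Calls
    that are not part of the chain (VirtualAllocEx etc.) are ignored.
    """
    stage_of = {}
    hits = []
    for caller, api, target, flags in trace:
        key = (caller, target)
        stage = stage_of.get(key, 0)
        if api not in HOLLOWING_CHAIN[stage]:
            continue
        if stage == 0 and not flags & CREATE_SUSPENDED:
            continue
        stage += 1
        if stage == len(HOLLOWING_CHAIN):
            hits.append(key)
            stage = 0
        stage_of[key] = stage
    return hits


if __name__ == "__main__":
    print("process hollowing candidates:", detect_hollowing(CONSTRUCTED_API_TRACE))
```

The order check matters as much as the set of APIs: a SetThreadContext that arrives before any WriteProcessMemory on the same child is not hollowing, and the rule above deliberately does not fire on it.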