General
- Target: 674e32f55ee780fa54fc9658c33834da.exe
- Size: 786KB
- Sample: 210504-2ja1bhwqhs
- MD5: 674e32f55ee780fa54fc9658c33834da
- SHA1: 275ec6d2f24e7c2eefdb046481d9db07f3d9397e
- SHA256: 3aca76d7bdd23aa701fffa2994e4b9438439056ad0317b78f6c7251b3fb9f2c5
- SHA512: 9ae2da11c90a8e996ea3b3cdb04b2ee76589881b26c9db11c672f0214d7d4ca821a5363ebbd55e481d56267cff85b5a52d160809d1a74d03c1375561581b5e70
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 674e32f55ee780fa54fc9658c33834da.exe
  - Resource: win7v20210408
Malware Config
Extracted
- Family: redline
- Botnet: pidr
- C2: 95.181.152.183:31019
Targets
- Target: 674e32f55ee780fa54fc9658c33834da.exe
  - Size: 786KB
  - MD5: 674e32f55ee780fa54fc9658c33834da
  - SHA1: 275ec6d2f24e7c2eefdb046481d9db07f3d9397e
  - SHA256: 3aca76d7bdd23aa701fffa2994e4b9438439056ad0317b78f6c7251b3fb9f2c5
  - SHA512: 9ae2da11c90a8e996ea3b3cdb04b2ee76589881b26c9db11c672f0214d7d4ca821a5363ebbd55e481d56267cff85b5a52d160809d1a74d03c1375561581b5e70
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine Payload
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext