General

Target: 9901d90330c9d140262d6741a7ba3de7.exe
Size: 671KB
Sample: 210504-tlgfyv3zka
MD5: 9901d90330c9d140262d6741a7ba3de7
SHA1: c68de5eaaf9e9e34acaac51b83c9ddc36798dbd8
SHA256: fe28808f8b07b484ff987a1ccc2f187857139e84d58dfbbb8004ce29f21bf1ea
SHA512: 29623777cdf0d78e6193f31cdff84165ec1958683c487c550314721952d9ec943f7a09fa405e6b518e9443dc1d47cdba7fb9dc2a324994020c58f587132fd1f6
Static task: static1

Behavioral task: behavioral1
Sample: 9901d90330c9d140262d6741a7ba3de7.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 9901d90330c9d140262d6741a7ba3de7.exe
Resource: win10v20210410
Malware Config

Extracted family: redline
Botnet ID: Arind1
C2: 195.2.84.82:56801
Targets

Target: 9901d90330c9d140262d6741a7ba3de7.exe (671KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext (redirecting a suspended thread into injected code is a common step in process hollowing)
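The extracted config (C2 195.2.84.82:56801, botnet ID Arind1) and the four file hashes above are the actionable parts of this report. As an added example, not code from the sandbox or the report, here is a small Python script that turns them into checks a responder can run: verify a local copy of the sample against the listed hashes, confirm the upload name is the MD5, and scan Zeek conn.log-style records for connections to the C2. The sample bytes and the log lines are constructed for the demo and the helper names are my own; only the values in REPORT come from the page.

```python
"""Added example, not part of the sandbox report: turn the report's extracted
RedLine config and file hashes into checks a responder can run against their
own copy of the sample and their network logs.

Everything in REPORT is copied from the report. The sample bytes and the
Zeek conn.log-style lines below are constructed for the demo; the helper
names are my own.
"""
import hashlib
import ipaddress
import os

REPORT = {
    "target": "9901d90330c9d140262d6741a7ba3de7.exe",
    "family": "redline",
    "botnet": "Arind1",
    "c2": "195.2.84.82:56801",
    "md5": "9901d90330c9d140262d6741a7ba3de7",
    "sha1": "c68de5eaaf9e9e34acaac51b83c9ddc36798dbd8",
    "sha256": "fe28808f8b07b484ff987a1ccc2f187857139e84d58dfbbb8004ce29f21bf1ea",
    "sha512": "29623777cdf0d78e6193f31cdff84165ec1958683c487c550314721952d9ec94"
              "3f7a09fa405e6b518e9443dc1d47cdba7fb9dc2a324994020c58f587132fd1f6",
}
HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string; rejects non-IP hosts and bad ports."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ipaddress.ip_address(host)        # raises ValueError if host is not a literal IP
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def compare_with_report(hashes: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm match against the report; all four should agree for a true copy."""
    return {algo: hashes[algo] == REPORT[algo] for algo in HASH_ALGOS}


def filename_is_md5(target: str) -> bool:
    """Sandbox uploads are often renamed to '<md5>.exe'; confirm that convention holds."""
    stem, _ = os.path.splitext(target)
    return stem.lower() == REPORT["md5"]


def find_c2_connections(lines: list[str], c2: str = REPORT["c2"]) -> dict[str, list]:
    """Scan tab-separated records (ts uid orig_h orig_p resp_h resp_p proto).

    'exact'     = responder host and port both match the C2
    'host_only' = same host on another port (worth a look: the C2 box may
                  serve more than one port, or the config may rotate ports)
    """
    host, port = parse_c2(c2)
    hits = {"exact": [], "host_only": []}
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue                       # skip Zeek header/comment lines
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue                       # malformed record, skip it
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != host:
            continue
        rec = {"ts": ts, "uid": uid, "src": orig_h, "dst_port": int(resp_p)}
        bucket = "exact" if int(resp_p) == port else "host_only"
        hits[bucket].append(rec)
    return hits


# Constructed stand-in bytes (NOT the real sample): a bare MZ prefix plus filler.
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed-stand-in-for-the-report-sample"

# Constructed conn.log-style lines; external addresses use documentation ranges.
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1620129600.101\tC1\t10.0.0.5\t49712\t195.2.84.82\t56801\ttcp",
    "1620129601.222\tC2\t10.0.0.5\t49713\t192.0.2.53\t53\tudp",
    "1620129602.333\tC3\t10.0.0.9\t49720\t195.2.84.82\t443\ttcp",
    "1620129603.444\tC4\t10.0.0.9\t49721\t203.0.113.10\t443\ttcp",
]

if __name__ == "__main__":
    print("upload name matches MD5:", filename_is_md5(REPORT["target"]))
    print("constructed bytes match report:", compare_with_report(hash_bytes(SAMPLE_BYTES)))
    for bucket, recs in find_c2_connections(CONN_LOG).items():
        for r in recs:
            print(f"{bucket}: uid={r['uid']} {r['src']} -> {parse_c2(REPORT['c2'])[0]}:{r['dst_port']}")
```

To use it on a real copy of the sample, replace SAMPLE_BYTES with the file contents read in binary mode and feed real conn.log lines to find_c2_connections; the constructed bytes here deliberately do not match the report's hashes, so compare_with_report returns all False. Treat host_only hits as leads rather than confirmed C2 traffic, since a hosting box can carry unrelated services on other ports.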