General
-
Target
XORLo47xgeBB82g5D6rM.exe
-
Size
995KB
-
Sample
210505-n4867dtcx2
-
MD5
a4f61bad23090fdec0a408d6fce7a4aa
-
SHA1
e183b9fda5c7a9e4ddd98d9cf93b5aab4670aae7
-
SHA256
1efeb065915f4f4dc1a53837ef5f428b4c73d27fb30086ccb8d792d2f68295a4
-
SHA512
1d1eab8c1764a73bb5279606b141f6ffe890e0272f3b2e7f2f82c4da0c471e489f0a546d5dce6debf86b5f2a00861fb9d53127b92a01b4462f9e2c5f82bfb091
Static task
static1
Behavioral task
behavioral1
Sample
XORLo47xgeBB82g5D6rM.exe
Resource
win7v20210408
Malware Config
Extracted
redline
2.05.111M
redworksite.info:80
Targets
-
-
Target
XORLo47xgeBB82g5D6rM.exe
-
Size
995KB
-
MD5
a4f61bad23090fdec0a408d6fce7a4aa
-
SHA1
e183b9fda5c7a9e4ddd98d9cf93b5aab4670aae7
-
SHA256
1efeb065915f4f4dc1a53837ef5f428b4c73d27fb30086ccb8d792d2f68295a4
-
SHA512
1d1eab8c1764a73bb5279606b141f6ffe890e0272f3b2e7f2f82c4da0c471e489f0a546d5dce6debf86b5f2a00861fb9d53127b92a01b4462f9e2c5f82bfb091
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-