General

Target:  117E4E3F1B6EDAE6745F82CF072008F1.exe
Size:    1.0MB
Sample:  210506-52kxpbejx2
MD5:     117e4e3f1b6edae6745f82cf072008f1
SHA1:    62bcde8f6c592a4be16b0d0feeb5fa2df13b0619
SHA256:  3f3ce1f91c8f439a2c903fa08544b08e21704a53c3ab260d3a0b8d3dea425020
SHA512:  f7e5ee09daf8e52729feb9259457659f0575f6695842611c01e327b8e70d7a10bc9901662fecb28a1c8b35ac57e86bd92f4a93d4fcca203f24502255274223c1
Tasks

Static task:      static1
Behavioral task:  behavioral1, sample 117E4E3F1B6EDAE6745F82CF072008F1.exe, resource win7v20210408
Behavioral task:  behavioral2, sample 117E4E3F1B6EDAE6745F82CF072008F1.exe, resource win10v20210410
Malware Config (extracted from the sample)

Family:   redline
Botnet:   9874 (the unlabeled middle value of the extracted config; in RedLine configs this position carries the botnet/campaign ID)
C2:       nshoreyle.xyz:80
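The extracted config and the hashes above are the only actionable indicators on this page. The following is an added example, not part of the sandbox report, of how a detection engineer would turn them into a sweep: the C2 entry is split into host and port, hashes are normalised, and a batch of log lines is checked with exact-or-subdomain matching for hosts (so a look-alike such as notnshoreyle.xyz does not fire) and case-insensitive comparison for hashes. The log lines are constructed for this example; the IOC values are copied from the report.

```python
"""Added example: indicators from the RedLine config/hashes on this page,
swept over constructed log lines. Not the sandbox's own tooling."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Values copied from the report above.
REPORT_CONFIG = {"family": "redline", "botnet": "9874", "c2": ["nshoreyle.xyz:80"]}
REPORT_HASHES = {
    "md5": "117e4e3f1b6edae6745f82cf072008f1",
    "sha1": "62bcde8f6c592a4be16b0d0feeb5fa2df13b0619",
    "sha256": "3f3ce1f91c8f439a2c903fa08544b08e21704a53c3ab260d3a0b8d3dea425020",
}


@dataclass(frozen=True)
class Indicator:
    kind: str                 # "domain", "ip" or "hash"
    value: str                # lower-cased value
    port: Optional[int] = None


def indicators(config=REPORT_CONFIG, hashes=REPORT_HASHES) -> List[Indicator]:
    """Split each C2 entry into host[:port] and classify the host; add hashes."""
    out = []
    for entry in config["c2"]:
        host, port = entry, None
        if ":" in entry:
            host, port_str = entry.rsplit(":", 1)
            port = int(port_str)
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "domain"
        out.append(Indicator(kind, host.lower(), port))
    for h in hashes.values():
        out.append(Indicator("hash", h.lower()))
    return out


# Token extractors; the sweep then compares tokens, never raw substrings.
_HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z]{2,}", re.I)
_IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HASH_RE = re.compile(r"\b[0-9a-f]{32}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{64}\b", re.I)


def host_matches(seen: str, ioc: str) -> bool:
    """True for the domain itself or any subdomain of it, never a bare substring."""
    seen = seen.lower().rstrip(".")
    return seen == ioc or seen.endswith("." + ioc)


def sweep(lines: List[str], iocs: List[Indicator]) -> List[Tuple[int, str, str]]:
    """Return (line_number, kind, value) for every indicator seen in each line.
    The port is deliberately ignored: C2 ports change more often than hosts."""
    hits = []
    for n, line in enumerate(lines, 1):
        for ioc in iocs:
            if ioc.kind == "hash":
                tokens = (m.group(0).lower() for m in _HASH_RE.finditer(line))
                if ioc.value in tokens:
                    hits.append((n, "hash", ioc.value))
            elif ioc.kind == "ip":
                if ioc.value in _IP_RE.findall(line):
                    hits.append((n, "ip", ioc.value))
            else:
                if any(host_matches(m.group(0), ioc.value) for m in _HOST_RE.finditer(line)):
                    hits.append((n, "domain", ioc.value))
    return hits


# Constructed log lines for this example (DNS, proxy and EDR shaped).
SAMPLE_LOGS = [
    "2021-05-06T10:01:02Z dns client=10.0.0.12 query=nshoreyle.xyz type=A",
    "2021-05-06T10:01:03Z proxy src=10.0.0.12 dst=nshoreyle.xyz:80 method=POST uri=/ status=200",
    "2021-05-06T10:01:05Z dns client=10.0.0.13 query=notnshoreyle.xyz type=A",
    "2021-05-06T10:02:00Z edr host=WS12 file=C:\\Users\\bob\\Downloads\\setup.exe "
    "sha256=3F3CE1F91C8F439A2C903FA08544B08E21704A53C3AB260D3A0B8D3DEA425020",
    "2021-05-06T10:03:00Z dns client=10.0.0.14 query=cdn.nshoreyle.xyz type=A",
]

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOGS, indicators()):
        print(hit)
```

Lines 1, 2, 4 and 5 fire (domain, domain, SHA256, subdomain); line 3 does not, because the host is compared as a whole label sequence rather than as a substring. When feeding real telemetry, keep the port from the C2 entry as context for the analyst rather than as a match condition.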
Targets

Target:  117E4E3F1B6EDAE6745F82CF072008F1.exe
Size:    1.0MB
MD5:     117e4e3f1b6edae6745f82cf072008f1
SHA1:    62bcde8f6c592a4be16b0d0feeb5fa2df13b0619
SHA256:  3f3ce1f91c8f439a2c903fa08544b08e21704a53c3ab260d3a0b8d3dea425020
SHA512:  f7e5ee09daf8e52729feb9259457659f0575f6695842611c01e327b8e70d7a10bc9901662fecb28a1c8b35ac57e86bd92f4a93d4fcca203f24502255274223c1
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application: persistence through an entry under a CurrentVersion\Run autostart key.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext: a call pattern commonly seen when a loader writes a payload into a suspended process and redirects its thread (process hollowing/injection).
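The "Adds Run key to start application" signature is the one behaviour on this page that maps cleanly to host telemetry. The following is an added example, not part of the report, of the check an analyst would run over registry value-set events: it selects writes under CurrentVersion\Run or RunOnce (HKLM, HKCU or an HKU SID path), extracts the launched file from the value data, and raises an alert when that file lives in a user-writable location, when the value carries no recognisable path at all, or stays quiet for a vendor tray app under Program Files. The event records are constructed in the shape of Sysmon Event ID 13 fields (Image, TargetObject, Details); the field names and sample paths are assumptions for illustration and are not taken from this sample's behaviour log.

```python
"""Added example: Run/RunOnce autostart detection over constructed
Sysmon Event ID 13 style records. Not the sandbox's own signature logic."""
import re
from typing import Dict, List, Optional, Tuple

# Run and RunOnce under HKLM, HKCU or HKU\<SID>, including Wow6432Node paths.
_RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)

# The launched file: a quoted drive-letter path, else a bare one ending in a script/binary extension.
_QUOTED_PATH = re.compile(r'"([a-z]:\\[^"]+)"', re.I)
_BARE_PATH = re.compile(r"\b([a-z]:\\\S+?\.(?:exe|scr|bat|cmd|vbs|js|ps1|dll))\b", re.I)

# Locations an unprivileged user can write to; a persistent binary here is the stealer pattern.
_USER_WRITABLE = re.compile(r"^[a-z]:\\(?:Users\\[^\\]+\\|ProgramData\\|Windows\\Temp\\|Temp\\)", re.I)


def launched_path(details: str) -> Optional[str]:
    """Pull the file the autostart value will execute out of the value data."""
    m = _QUOTED_PATH.search(details) or _BARE_PATH.search(details)
    return m.group(1) if m else None


def assess(event: Dict[str, str]) -> Optional[str]:
    """Return a verdict string for a suspicious Run-key write, or None."""
    if event.get("EventType") != "SetValue":
        return None
    if not _RUN_KEY_RE.search(event.get("TargetObject", "")):
        return None
    path = launched_path(event.get("Details", ""))
    if path is None:
        # e.g. "powershell -enc ..." : nothing on disk to vet, treat as suspicious
        return "run_key_no_path"
    if _USER_WRITABLE.match(path):
        return "run_key_user_writable"
    return None  # autostart into Program Files etc.: record, do not alert


def scan(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(value name, verdict) for every event that assess() flags."""
    flagged = []
    for event in events:
        verdict = assess(event)
        if verdict:
            value_name = event["TargetObject"].rsplit("\\", 1)[-1]
            flagged.append((value_name, verdict))
    return flagged


# Constructed records in the shape of Sysmon Event ID 13 (RegistryEvent, value set).
SAMPLE_EVENTS = [
    {"EventType": "SetValue", "Image": "C:\\Users\\bob\\Downloads\\setup.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdate",
     "Details": "\"C:\\Users\\bob\\AppData\\Roaming\\svchost.exe\" -silent"},
    {"EventType": "SetValue", "Image": "C:\\Program Files\\Vendor\\Installer.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "\"C:\\Program Files\\Vendor\\Tray.exe\" /minimized"},
    {"EventType": "SetValue", "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\RecentDocs\\MRUList",
     "Details": "abc"},
    {"EventType": "SetValue", "Image": "C:\\Windows\\System32\\wscript.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Loader",
     "Details": "wscript.exe \"C:\\Users\\bob\\AppData\\Local\\Temp\\l.vbs\""},
    {"EventType": "SetValue", "Image": "C:\\Users\\bob\\Downloads\\setup.exe",
     "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Shell",
     "Details": "powershell -w hidden -enc SQBFAFgA"},
]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict}: {name}")
```

The vendor tray entry is left alone on purpose: alerting on every Run-key write drowns the signal, so the rule keys on where the autostart target lives, not on the write itself. Pair the verdict with the writing Image (here a file in Downloads) when triaging.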