General
Target: 7FED85FDB6ADFC8B4455DDE0B4207DB3.exe
Size: 4.4MB
Sample: 210507-8ejn8w6csx
MD5: 7fed85fdb6adfc8b4455dde0b4207db3
SHA1: 91d05589e86fe64a011b1b0a5db10ddaa6704339
SHA256: feae3ba9a65d0aac7b12cd5f6793a4df892686674d1ca97bee01deac0b07e5e2
SHA512: 0e7d7d31d48c324550c83323af0e4f7aceee04099827e89504288338e6e4b91317806c084ca0315b9c8b772d5d1c06623cda934cbe91e12d5f496424632de738
Static task: static1
Behavioral task: behavioral1 (Sample: 7FED85FDB6ADFC8B4455DDE0B4207DB3.exe, Resource: win7v20210410)
Behavioral task: behavioral2 (Sample: 7FED85FDB6ADFC8B4455DDE0B4207DB3.exe, Resource: win10v20210408)
Malware Config
Extracted: redline
@Gonna_Support
77.232.41.231:43981
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext