General
  Target: 76aa71fb74945baf09e5dc296f9e6037.exe
  Size: 1.4MB
  Sample: 210507-g2hngs25c2
  MD5: 76aa71fb74945baf09e5dc296f9e6037
  SHA1: b53a03fd4054ecb20e7e41f947e7aa87baacd14c
  SHA256: a376b33f6b14c1d7b59ecd9c80c777fb1fe3116b52a459dd973bf68b1fe5225c
  SHA512: ff3d676c2560cd4432d7e6a3434b3e99bf6458c404b726f7d8869859adea3dd44e7c3467c46e3cffc9ea108c0cb92657633b23f6135a9ec7b732da03bcf9c193
Static task: static1

Behavioral task: behavioral1
  Sample: 76aa71fb74945baf09e5dc296f9e6037.exe
  Resource: win7v20210408
Malware Config
  Extracted: redline
    0105site
    188.119.113.198:17161
Targets
  Target: 76aa71fb74945baf09e5dc296f9e6037.exe
  Size: 1.4MB
  MD5: 76aa71fb74945baf09e5dc296f9e6037
  SHA1: b53a03fd4054ecb20e7e41f947e7aa87baacd14c
  SHA256: a376b33f6b14c1d7b59ecd9c80c777fb1fe3116b52a459dd973bf68b1fe5225c
  SHA512: ff3d676c2560cd4432d7e6a3434b3e99bf6458c404b726f7d8869859adea3dd44e7c3467c46e3cffc9ea108c0cb92657633b23f6135a9ec7b732da03bcf9c193

  RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  RedLine Payload
  Accesses cryptocurrency files/wallets, possible credential harvesting
  Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  Suspicious use of NtSetInformationThreadHideFromDebugger
  Suspicious use of SetThreadContext