General
Target: e2ad8356a0f8868549918da28a853eb8.exe
Size: 457KB
Sample: 210507-hwh1gwgr2s
MD5: e2ad8356a0f8868549918da28a853eb8
SHA1: a54d44cf9ebf627de89c3bd7b5ec5685f15538af
SHA256: 78dfcb8de3fc0b3cc573370bd92f0efd88a151e06d8e32fb6db12ca6daa09a00
SHA512: 5d3d904d4a05eafecbb74a338ea7dc3b39166773aedf73e3bf8c4624254d6438d22e318982cab9dc47bec01e4f279ce673afc72bc1d4168b3239d372d215badc
Static task: static1
Behavioral task: behavioral1
Sample: e2ad8356a0f8868549918da28a853eb8.exe
Resource: win7v20210408
Malware Config
Extracted: redline
VR
C2 (ip:port): 199.195.251.96:43073
Extracted: vidar
38.7
890
https://HAL9THapi.faceit.comramilgame (value as extracted; likely several config fields run together)
profile_id: 890
Targets
Target: e2ad8356a0f8868549918da28a853eb8.exe (457KB; hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Vidar Stealer
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: overwriting another thread's register context is the step that redirects execution in process-hollowing (RunPE) style injection, which is why the call is flagged.

Two stealer configurations (RedLine and Vidar) were extracted from a single run of a 457KB sample, which, together with the "Downloads MZ/PE file" and "Executes dropped EXE" signatures, is consistent with the sample acting as a loader for both payloads rather than being either stealer itself.
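The following is an added example, not code from the sandbox vendor or from this report: it turns the indicators in the Malware Config section (sample hashes, RedLine C2 ip:port) and the behaviours in the signature list (executes dropped EXE, Uninstall-key enumeration, wallet file access) into detection rules and runs them over constructed Sysmon-style JSON telemetry. Field names follow Sysmon conventions; the PIDs, file names, the dropped-file hash, the wallet path markers, the user-writable directory list and the msiexec.exe allow-list are assumptions made for the example.

```python
"""Triage constructed endpoint telemetry against the IOCs and behaviours in the
sandbox report above.  Added example; the log lines below are constructed."""
import json
from dataclasses import dataclass

# IOCs copied from the report above
REDLINE_C2 = ("199.195.251.96", 43073)
SAMPLE_SHA256 = "78dfcb8de3fc0b3cc573370bd92f0efd88a151e06d8e32fb6db12ca6daa09a00"
SAMPLE_MD5 = "e2ad8356a0f8868549918da28a853eb8"

# Behavioural markers (assumptions for this example, not taken from the report)
UNINSTALL_KEY = "\\software\\microsoft\\windows\\currentversion\\uninstall\\"
WALLET_MARKERS = ("\\electrum\\", "\\exodus\\", "\\ethereum\\", "wallet.dat")
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\")
INSTALLER_IMAGES = {"msiexec.exe"}  # legitimately reads the Uninstall hive

# Constructed telemetry: one JSON object per line, Sysmon field names, fake PIDs.
SAMPLE_LOG = r"""
{"EventType": "ProcessCreate", "ProcessId": 4120, "ParentProcessId": 1688, "Image": "C:\\Users\\victim\\Downloads\\e2ad8356a0f8868549918da28a853eb8.exe", "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "MD5=E2AD8356A0F8868549918DA28A853EB8,SHA256=78DFCB8DE3FC0B3CC573370BD92F0EFD88A151E06D8E32FB6DB12CA6DAA09A00"}
{"EventType": "ProcessCreate", "ProcessId": 4388, "ParentProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe", "ParentImage": "C:\\Users\\victim\\Downloads\\e2ad8356a0f8868549918da28a853eb8.exe", "Hashes": "SHA256=0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF"}
{"EventType": "NetworkConnect", "ProcessId": 4388, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe", "DestinationIp": "199.195.251.96", "DestinationPort": 43073}
{"EventType": "RegistryEvent", "ProcessId": 4388, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"}
{"EventType": "FileAccess", "ProcessId": 4388, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\updater.exe", "TargetFilename": "C:\\Users\\victim\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"EventType": "RegistryEvent", "ProcessId": 900, "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{00000000-0000-0000-0000-000000000000}"}
{"EventType": "NetworkConnect", "ProcessId": 2200, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "203.0.113.10", "DestinationPort": 443}
"""


@dataclass(frozen=True)
class Hit:
    rule: str
    pid: int
    detail: str


def parse_hashes(field: str) -> dict:
    """'MD5=..,SHA256=..' -> {'md5': '..', 'sha256': '..'}; Sysmon emits upper-case hex."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage(lines):
    """Apply the report's indicators to chronological events; returns the hits."""
    tracked = set()  # PIDs attributed to the sample or to processes it spawned
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        kind, pid, image = ev.get("EventType"), ev.get("ProcessId"), ev.get("Image", "")
        if kind == "ProcessCreate":
            h = parse_hashes(ev.get("Hashes", ""))
            if h.get("sha256") == SAMPLE_SHA256 or h.get("md5") == SAMPLE_MD5:
                hits.append(Hit("known_sample_executed", pid, image))
                tracked.add(pid)
            # "Executes dropped EXE": child of a tracked process running from a user-writable path
            elif ev.get("ParentProcessId") in tracked and in_user_writable(image):
                hits.append(Hit("executes_dropped_exe", pid, image))
                tracked.add(pid)
        elif kind == "NetworkConnect":
            dst = (ev.get("DestinationIp"), ev.get("DestinationPort"))
            if dst == REDLINE_C2:
                hits.append(Hit("redline_c2_contact", pid, "%s:%d" % dst))
                tracked.add(pid)
        elif kind == "RegistryEvent":
            target = ev.get("TargetObject", "")
            # "Checks installed software": Uninstall-key reads by a tracked process, or by an
            # unknown binary in a user-writable directory that is not a known installer
            actor_suspicious = pid in tracked or (
                in_user_writable(image) and basename(image) not in INSTALLER_IMAGES)
            if UNINSTALL_KEY in target.lower() and actor_suspicious:
                hits.append(Hit("enumerates_installed_software", pid, target))
        elif kind == "FileAccess":
            target = ev.get("TargetFilename", "")
            # "Accesses cryptocurrency files/wallets"
            if any(m in target.lower() for m in WALLET_MARKERS) and (
                    pid in tracked or in_user_writable(image)):
                hits.append(Hit("accesses_crypto_wallets", pid, target))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines()):
        print(f"[{hit.rule}] pid={hit.pid} {hit.detail}")
```

The Uninstall-key and wallet rules are deliberately scoped to processes already attributed to the sample or running from user-writable paths: every installer and inventory agent reads the Uninstall hive, so the registry read alone is not a detection outside a sandbox. The C2 rule matches the exact ip:port pair from the config; a SOC would usually also alert on the bare IP and on any SHA256 from the report regardless of parent process.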