General
Target: 7dba85a4920b25645867b6cb50dcccd7.exe
Size: 7.5MB
Sample: 210510-jrkrss2pha
MD5: 7dba85a4920b25645867b6cb50dcccd7
SHA1: 640784e9a780182bedb1229f495ffa18588ff590
SHA256: 71f02c2c42215c3cdc78cf61bd5f26eaf50c532d74e284c0d850a525cf8d6fa8
SHA512: ccd5ed7cdf7455b1ed61114de459ef55d86764cab8135249ddf2266f5827e3a5a05690b0d168e480ad220ec8686610ce6f1fda64a814ca22debd1d2d54da7a56
Static task: static1
Behavioral task: behavioral1
Sample: 7dba85a4920b25645867b6cb50dcccd7.exe
Resource: win7v20210408 (Windows 7 analysis image)
Malware Config
Extracted
Family: redline
Botnet: 01
C2: 45.144.29.2:53335
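The hash set under General and the extracted C2 above are the two indicators a responder would take from this report. The following is an added example (not part of the sandbox report and not RedLine's or the sandbox's own code) that turns them into checks: it compares a file's four digests with the report's values, scans Zeek-style conn.log records for flows to the C2, and emits a Suricata rule for the endpoint. The conn.log excerpt is constructed for the example, the `uid` values are made up, and the rule's `sid` is a local-range placeholder.

```python
"""Hunt for the RedLine indicators in this report across local artefacts.

Two checks: (1) compare a file's digests with the report's hash set and
(2) scan Zeek-style conn.log lines for traffic to the extracted C2.
Constructed sample log lines are embedded so the script runs offline.
"""
import hashlib

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "7dba85a4920b25645867b6cb50dcccd7",
    "sha1": "640784e9a780182bedb1229f495ffa18588ff590",
    "sha256": "71f02c2c42215c3cdc78cf61bd5f26eaf50c532d74e284c0d850a525cf8d6fa8",
    "sha512": "ccd5ed7cdf7455b1ed61114de459ef55d86764cab8135249ddf2266f5827e3a5a"
              "05690b0d168e480ad220ec8686610ce6f1fda64a814ca22debd1d2d54da7a56",
}
C2_HOST = "45.144.29.2"
C2_PORT = 53335


def file_digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, over raw file bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def hash_match(data: bytes, expected: dict = SAMPLE_HASHES) -> bool:
    """True only if every listed digest agrees; one mismatch means a different
    file (or a mis-copied report value), never a partial hit."""
    actual = file_digests(data)
    return all(actual[algo] == expected[algo].lower() for algo in expected)


# Constructed Zeek conn.log excerpt (tab-separated, header omitted):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1620640800.101\tCxq1a\t10.0.0.15\t49731\t45.144.29.2\t53335\ttcp
1620640801.220\tCxq1b\t10.0.0.15\t49732\t142.250.74.78\t443\ttcp
1620640803.005\tCxq1c\t10.0.0.22\t49801\t45.144.29.2\t80\ttcp
1620640805.444\tCxq1d\t10.0.0.15\t49733\t45.144.29.2\t53335\ttcp
"""


def scan_conn_log(text: str, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return (uid, orig_h, resp_port, confidence) for every flow to the C2 host.

    host+port hits are 'high'; host-only hits are 'medium', because a panel
    can be re-bound to another port while keeping the same server address.
    """
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # truncated record: skip it rather than abort the hunt
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != host:
            continue
        confidence = "high" if int(resp_p) == port else "medium"
        hits.append((uid, orig_h, int(resp_p), confidence))
    return hits


def suricata_rule(host: str = C2_HOST, port: int = C2_PORT, sid: int = 1000001) -> str:
    """Emit a minimal Suricata rule for the C2 endpoint.

    sid 1000001 is a local-range placeholder; allocate one from your own range.
    """
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"RedLine Stealer C2 connection (sandbox report IOC)"; '
        f'flow:to_server,established; classtype:trojan-activity; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    # Constructed stand-in bytes; the real sample is not distributed here.
    print("hash match on stand-in bytes:", hash_match(b"not the sample"))
    for hit in scan_conn_log(CONN_LOG):
        print("C2 hit:", hit)
    print(suricata_rule())
```

Run it against a real conn.log by passing the file contents to `scan_conn_log`; the medium-confidence branch is there because a host-only match still warrants a look at the process that opened the socket, even when the port differs from the extracted config.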
Targets
Target: 7dba85a4920b25645867b6cb50dcccd7.exe (7.5MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the usual last step of process hollowing (RunPE-style injection): the payload is mapped into a suspended process and the thread's instruction pointer is redirected into it. When reviewing this hit, check which process the sample opened and whether the image on disk still matches what executes in memory.