General
-
Target
680c60bd9161140133992d026fabdfc5.exe
-
Size
997KB
-
Sample
210512-xcth42j22e
-
MD5
680c60bd9161140133992d026fabdfc5
-
SHA1
1f5a81fdfecd613f6a0c6362a2c7b1757d642bf5
-
SHA256
d6c5d0d59ecf0f03c81e42ab58ca052a806bc9f145688441e1fe7038c0ed9f0c
-
SHA512
7e64ead53d6abbe8efa8ba18ad7764aa36d4692f6b92cc03bc9999511bd94f8a83bdfa98edcf07bb98c81785ee20d791c5cb06181caeb07cb3dc0435332de2ca
Static task
static1
Behavioral task
behavioral1
Sample
680c60bd9161140133992d026fabdfc5.exe
Resource
win10v20210410
Malware Config
Extracted
redline
zastaredan.xyz:80
Targets
-
-
Target
680c60bd9161140133992d026fabdfc5.exe
-
Size
997KB
-
MD5
680c60bd9161140133992d026fabdfc5
-
SHA1
1f5a81fdfecd613f6a0c6362a2c7b1757d642bf5
-
SHA256
d6c5d0d59ecf0f03c81e42ab58ca052a806bc9f145688441e1fe7038c0ed9f0c
-
SHA512
7e64ead53d6abbe8efa8ba18ad7764aa36d4692f6b92cc03bc9999511bd94f8a83bdfa98edcf07bb98c81785ee20d791c5cb06181caeb07cb3dc0435332de2ca
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-