General
- Target: 49025966d2dd612fc1e423b01620debfd4c97701aefe2.exe
- Size: 1MB
- Sample: 210518-w542592d32
- MD5: d6109df4ffa4303e3c30ba997735b689
- SHA1: 65ac8413b14d7ccb6c848e849caa0de7900116ee
- SHA256: 49025966d2dd612fc1e423b01620debfd4c97701aefe26a836cea9e2f2d6ab47
- SHA512: 5e735b12e77ab991c9d54b701645268579f154573aa8a04d8bf2cdb5ed59d3a8ede9f5e55cbce848cd5323fa1e6b3950d12ec5bb7a0bebb403d3711979e1cc8b
Static task: static1
Behavioral task: behavioral1
- Sample: 49025966d2dd612fc1e423b01620debfd4c97701aefe2.exe
- Resource: win7v20210410
Malware Config
Extracted: redline
- 1111
- 65.21.144.202:62942
Targets
- Target: 49025966d2dd612fc1e423b01620debfd4c97701aefe2.exe
- Size: 1MB
- MD5: d6109df4ffa4303e3c30ba997735b689
- SHA1: 65ac8413b14d7ccb6c848e849caa0de7900116ee
- SHA256: 49025966d2dd612fc1e423b01620debfd4c97701aefe26a836cea9e2f2d6ab47
- SHA512: 5e735b12e77ab991c9d54b701645268579f154573aa8a04d8bf2cdb5ed59d3a8ede9f5e55cbce848cd5323fa1e6b3950d12ec5bb7a0bebb403d3711979e1cc8b
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix
- Collection: Data from Local System (2)
- Command and Control
- Credential Access: Credentials in Files (2)
- Defense Evasion
- Discovery: Query Registry (1), Remote System Discovery (1), System Information Discovery (1)
- Execution
- Exfiltration
- Impact
- Initial Access
- Lateral Movement
- Persistence
- Privilege Escalation