General

Target: b88f08a5c44e312cb5a36eba07675507.exe
Size: 1.1MB
Sample: 210531-yqk6hldy12
MD5: b88f08a5c44e312cb5a36eba07675507
SHA1: b28a985694923a1ed124326ce933fdaf77a81812
SHA256: 61cc2e2bee105d20d5550eb96a5e755407e284c6f1bea03e60f5b23896f59a87
SHA512: 53f69d9d1f02f352d0ccdff2cc9fd3fcdecaffe80ed46628283d234dbf52478e3fa5e8b8f573bb07bc70fb201ab21468cb893aa447d4400841bdf773c17d2e89
Static task: static1
Behavioral task: behavioral1 (sample b88f08a5c44e312cb5a36eba07675507.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample b88f08a5c44e312cb5a36eba07675507.exe, resource win10v20210408)
Malware Config

Extracted family: redline
Botnet: new1
C2: stakanene.xyz:80 (plain HTTP port; the extracted configuration is the part of this report that is directly usable as a network indicator)
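The hashes and the C2 above are the report's indicators of compromise. The following is an added example, not output of the sandbox, showing how a responder would turn them into a check: verify that a file on hand is the same sample (all four digests must agree) and scan proxy or firewall logs for connections to the C2 host and port. The log-line layout (`timestamp client dest:port verb path`) and the log lines themselves are constructed for the example; only the hash values and `stakanene.xyz:80` come from the report.

```python
"""IOC check for the RedLine sample in this report.
Added example, not part of the sandbox output. Hash values and the C2 are
copied from the report; file content and log lines are constructed here."""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "b88f08a5c44e312cb5a36eba07675507",
    "sha1": "b28a985694923a1ed124326ce933fdaf77a81812",
    "sha256": "61cc2e2bee105d20d5550eb96a5e755407e284c6f1bea03e60f5b23896f59a87",
    "sha512": "53f69d9d1f02f352d0ccdff2cc9fd3fcdecaffe80ed46628283d234dbf52478e3fa5e8b8f573bb07bc70fb201ab21468cb893aa447d4400841bdf773c17d2e89",
}
C2_HOST = "stakanene.xyz"
C2_PORT = 80


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_sample(data: bytes) -> list:
    """Return the names of the report's hashes that match the given bytes.
    For a genuine match all four agree; a partial match points at a
    transcription error in the IOC list, not at a different file."""
    digests = hash_bytes(data)
    return [n for n, h in IOC_HASHES.items() if digests[n] == h.lower()]


# Constructed log layout (assumption for this example, not a real product's
# format): "timestamp client dest_host:dest_port verb path".
LOG_LINE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+)$")


def find_c2_hits(lines) -> list:
    """Return (timestamp, client) for lines whose destination is the C2.
    The host is compared case-insensitively and a trailing dot (FQDN form)
    is tolerated; the port must match, since the report gives host:port."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        ts, client, host, port, _verb, _path = m.groups()
        if host.lower().rstrip(".") == C2_HOST and int(port) == C2_PORT:
            hits.append((ts, client))
    return hits


# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2021-05-31T10:02:11Z 10.0.0.12 stakanene.xyz:80 POST /",
    "2021-05-31T10:02:12Z 10.0.0.12 update.example.com:443 GET /x",
    "2021-05-31T10:03:40Z 10.0.0.7 STAKANENE.XYZ.:80 POST /",
    "2021-05-31T10:04:00Z 10.0.0.9 stakanene.xyz:443 GET /",
    "malformed line",
]

if __name__ == "__main__":
    # A stand-in byte string: obviously not the sample, so no hash matches.
    print("hash matches:", matches_sample(b"not the sample"))
    for ts, client in find_c2_hits(SAMPLE_LOG):
        print(f"{ts} {client} contacted {C2_HOST}:{C2_PORT}")
```

Matching on host and port together is deliberate: the report gives the C2 as `stakanene.xyz:80`, and a connection to the same name on another port is worth a look but is not the indicator as published.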
Targets

Target: b88f08a5c44e312cb5a36eba07675507.exe
Size: 1.1MB
MD5: b88f08a5c44e312cb5a36eba07675507
SHA1: b28a985694923a1ed124326ce933fdaf77a81812
SHA256: 61cc2e2bee105d20d5550eb96a5e755407e284c6f1bea03e60f5b23896f59a87
SHA512: 53f69d9d1f02f352d0ccdff2cc9fd3fcdecaffe80ed46628283d234dbf52478e3fa5e8b8f573bb07bc70fb201ab21468cb893aa447d4400841bdf773c17d2e89

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart for 32-bit installs, and the per-user copy under HKCU) to enumerate the software installed on the system.
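To make the flagged behaviour concrete, here is an added example (not code from the sample or the sandbox) that reads the same Uninstall keys and reduces them to the product list a stealer would be after. The `winreg` part runs only on Windows; the `UNINSTALL_KEYS` list and the `inventory` clean-up rules are the author's, and the sample entries at the bottom are constructed so the reduction step can be exercised anywhere.

```python
"""Enumerate installed software through the registry Uninstall keys, the
behaviour flagged by the sandbox signature above.
Added example, not code from the sample or the sandbox. The registry read
is Windows-only; the sample entries are constructed for the demonstration."""
import sys

# All three locations must be read to see 64-bit, 32-bit (WOW64) and
# per-user installs; reading only the first one misses a large share.
UNINSTALL_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]
VALUES = ("DisplayName", "DisplayVersion", "Publisher")


def read_uninstall_entries():
    """Read DisplayName/DisplayVersion/Publisher from every Uninstall subkey.
    Returns a list of dicts; returns [] on non-Windows hosts."""
    if sys.platform != "win32":
        return []
    import winreg  # standard library, Windows only
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    # KEY_WOW64_64KEY disables registry redirection so a 32-bit interpreter
    # still sees the native 64-bit view.
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    entries = []
    for hive_name, path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(hives[hive_name], path, 0, access)
        except OSError:
            continue  # key absent (e.g. no WOW6432Node on 32-bit Windows)
        with root:
            i = 0
            while True:
                try:
                    sub = winreg.EnumKey(root, i)
                except OSError:
                    break  # no more subkeys
                i += 1
                entry = {"key": f"{hive_name}\\{path}\\{sub}"}
                with winreg.OpenKey(root, sub, 0, access) as k:
                    for value in VALUES:
                        try:
                            entry[value], _ = winreg.QueryValueEx(k, value)
                        except OSError:
                            entry[value] = None
                entries.append(entry)
    return entries


def inventory(entries):
    """Reduce raw Uninstall entries to a sorted, de-duplicated product list
    of (name, version, publisher). Subkeys without a DisplayName (patches,
    components) are dropped, as Programs and Features drops them, and a
    product registered under both the native and WOW6432Node keys counts once."""
    seen = {}
    for e in entries:
        name = (e.get("DisplayName") or "").strip()
        if not name:
            continue
        version = (e.get("DisplayVersion") or "").strip()
        publisher = (e.get("Publisher") or "").strip()
        seen.setdefault((name.lower(), version), (name, version, publisher))
    return sorted(seen.values(), key=lambda t: (t[0].lower(), t[1]))


# Constructed sample entries (not from the report): one product registered
# twice (native + WOW64), one component with no DisplayName, one wallet app.
SAMPLE_ENTRIES = [
    {"key": r"HKLM\...\Uninstall\{0000-1}", "DisplayName": "Example Browser",
     "DisplayVersion": "90.0", "Publisher": "Example Corp"},
    {"key": r"HKLM\...\WOW6432Node\...\{0000-1}", "DisplayName": "Example Browser",
     "DisplayVersion": "90.0", "Publisher": "Example Corp"},
    {"key": r"HKLM\...\Uninstall\KB000000", "DisplayName": None,
     "DisplayVersion": None, "Publisher": None},
    {"key": r"HKCU\...\Uninstall\acme-wallet", "DisplayName": "Acme Wallet ",
     "DisplayVersion": "1.2.3", "Publisher": None},
]

if __name__ == "__main__":
    live = read_uninstall_entries()
    for name, version, publisher in inventory(live or SAMPLE_ENTRIES):
        print(f"{name} {version} ({publisher or 'unknown publisher'})")
```

The per-user key under HKCU is the one most often forgotten, and it is where per-user installers (browsers, chat clients, some wallet software) register themselves; an enumerator that reads it sees the same set a stealer sees.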

Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's saved register state, including its instruction pointer. Outside debuggers, legitimate code rarely needs it; it is the usual way a loader redirects a suspended thread into code it has written into another process (process hollowing or injection), which is why the sandbox flags it. The report does not name the process whose thread context was changed.