General
- Target: ea64fb745ef58010d1b9d7ac80f221d0
- Size: 178KB
- Sample: 210611-a34czscggs
- MD5: ea64fb745ef58010d1b9d7ac80f221d0
- SHA1: 7be7c6a48ae96c8d7ef692d03c7405dea60f52a6
- SHA256: 191a6c8951aa3bc73634891e7551a229e15fd90ff0deacef8a2f3a8594d53f6d
- SHA512: 2a12518ee29836faecef01cc4660710e90ab81fb3e7080158011ea83f531bc2d0d8bc3ecf4ecb177cdee3ce0570f192628c6137ad98131706c76eb08956e8550
Static task
- static1

Behavioral task
- behavioral1
  - Sample: ea64fb745ef58010d1b9d7ac80f221d0.exe
  - Resource: win7v20210408

Behavioral task
- behavioral2
  - Sample: ea64fb745ef58010d1b9d7ac80f221d0.exe
  - Resource: win10v20210408
Malware Config
Extracted:
- redline
- z0rm1on
- 185.241.61.33:16195
Targets
- Target: ea64fb745ef58010d1b9d7ac80f221d0 (178KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext