General
- Target: 32537a738e28be4492a76bd1fb6942cc
- Size: 383KB
- Sample: 210627-xyhzk56f26
- MD5: 32537a738e28be4492a76bd1fb6942cc
- SHA1: adca143972e707e0f5ee9e3075219e51724f5599
- SHA256: 58199bddad762ec10114f06c6ed838b288558e61378d9caf74af1ba861e7e495
- SHA512: b1e9ecb97f98ac6fd72398f48280b71ffb06d73d1b59768a84f02d961e40696cfecde8c9523fa37ad1b36e27ca23ade77957566b6effb916ed6326b8d40883f3
Static task: static1
Behavioral task: behavioral1
Sample: 32537a738e28be4492a76bd1fb6942cc.exe
Resource: win7v20210408
Malware Config
Extracted
redline
test1
rdanoriran.xyz:80
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext