General

Target: 529B07459F16BCCC17AC89A46197FD4A.exe
Size: 2.5MB
Sample: 210629-7a4w9xwtre
MD5: 529b07459f16bccc17ac89a46197fd4a
SHA1: 8f4e6fd8722aac285b4392b06c471a433964c13f
SHA256: a8288077dd8efe988232bbcc8519f636f097795cd34d87963ea61ac712336d1a
SHA512: 39ddee2ef03ae6f1e59f59ec8af0868a20eacc39620bd6f7e7cc8b715aac8f31126283c984bffb063a2e446906583731df23f69eb8929e81f65fffd7520a0f81

Static task: static1

Behavioral task: behavioral1
Sample: 529B07459F16BCCC17AC89A46197FD4A.exe
Resource: win7v20210410

Malware Config

Extracted family: redline
Botnet/ID: @setfps
C2: 51.38.203.212:58999

Targets

Target: 529B07459F16BCCC17AC89A46197FD4A.exe
Size: 2.5MB
MD5: 529b07459f16bccc17ac89a46197fd4a
SHA1: 8f4e6fd8722aac285b4392b06c471a433964c13f
SHA256: a8288077dd8efe988232bbcc8519f636f097795cd34d87963ea61ac712336d1a
SHA512: 39ddee2ef03ae6f1e59f59ec8af0868a20eacc39620bd6f7e7cc8b715aac8f31126283c984bffb063a2e446906583731df23f69eb8929e81f65fffd7520a0f81

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

XMRig Miner Payload

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext