General

Target: e358fd349ec54deaa1a4926892dd9e1e261777976f78f87627e54e3cbff06019
Size: 383KB
Sample: 210630-t75vj812cs
MD5: 3ec9a559d4ba30557916e9dbcba6daa9
SHA1: 305b69665703112106abc7d5e2750542278d97ea
SHA256: e358fd349ec54deaa1a4926892dd9e1e261777976f78f87627e54e3cbff06019
SHA512: 1fd93c86042104fde9c1a35ec4bf388327b9bb604cd9e0224b6f286a8039f64b50c0a8ea1ef19699b2b55591c9722a492d656bdfa5790f8000821be39a63f0b3
Static task: static1
Behavioral task: behavioral1
Sample: e358fd349ec54deaa1a4926892dd9e1e261777976f78f87627e54e3cbff06019.exe
Resource: win7v20210408
Malware Config

Extracted: redline
Botnet: 25_6_r
C2: rdanoriran.xyz:80
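As an added example (not part of this report, and not code from Triage or from RedLine), the Python below turns the indicators on this page, the four file hashes listed under General and the C2 host and port from the extracted config, into a small matcher and runs it over log lines. Only the hash and C2 values come from the report; the proxy and file-hash log formats and the log contents are constructed for the example and are not any real product's output.

```python
"""IOC matcher for the RedLine sample in this report (added example; the log
formats and log contents below are constructed, the indicator values are the
report's)."""
import hashlib
import re

# Indicators copied verbatim from the report.
C2_HOST = "rdanoriran.xyz"
C2_PORT = 80
SAMPLE_HASHES = {
    "md5": "3ec9a559d4ba30557916e9dbcba6daa9",
    "sha1": "305b69665703112106abc7d5e2750542278d97ea",
    "sha256": "e358fd349ec54deaa1a4926892dd9e1e261777976f78f87627e54e3cbff06019",
    "sha512": "1fd93c86042104fde9c1a35ec4bf388327b9bb604cd9e0224b6f286a8039f64b50c0a8ea1ef19699b2b55591c9722a492d656bdfa5790f8000821be39a63f0b3",
}


def hashes_well_formed(hashes=SAMPLE_HASHES):
    """Each digest must be lowercase hex of the length its algorithm produces
    (32/40/64/128 chars); catches truncated or mis-pasted IOCs before they
    reach a blocklist."""
    for alg, digest in hashes.items():
        if len(digest) != hashlib.new(alg).digest_size * 2:
            return False
        if not re.fullmatch(r"[0-9a-f]+", digest):
            return False
    return True


def digests(data):
    """All four digests of a blob, for comparing a local file with the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def host_matches_c2(host, c2=C2_HOST):
    """True for the C2 domain or any subdomain of it, ignoring case and the
    trailing dot that DNS-style logs often append to FQDNs."""
    h = host.lower().rstrip(".")
    return h == c2 or h.endswith("." + c2)


# Constructed proxy log, format "<time> <client> <host>:<port> <method> <path>".
PROXY_LOG = [
    "2021-06-30T10:01:02Z 10.0.0.15 rdanoriran.xyz:80 POST /",
    "2021-06-30T10:01:05Z 10.0.0.15 www.example.com:443 GET /",
    "2021-06-30T10:02:11Z 10.0.0.22 RDANORIRAN.XYZ.:80 POST /",
    "2021-06-30T10:03:00Z 10.0.0.22 cdn.rdanoriran.xyz:8080 GET /update",
]
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+)$")


def scan_proxy_log(lines=PROXY_LOG):
    """Return (line, reason) for each line whose destination is the C2 host.
    The host alone decides the hit; a port other than the configured one is
    noted in the reason rather than used to discard the line."""
    hits = []
    for line in lines:
        m = PROXY_RE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline should count these
        host, port = m.group(3), int(m.group(4))
        if host_matches_c2(host):
            reason = "c2 host" if port == C2_PORT else f"c2 host, unexpected port {port}"
            hits.append((line, reason))
    return hits


# Constructed file-hash log, format "<time> <path> <alg>=<hex>".
FILE_LOG = [
    "2021-06-30T10:00:40Z C:\\Users\\victim\\Downloads\\setup.exe "
    "sha256=E358FD349EC54DEAA1A4926892DD9E1E261777976F78F87627E54E3CBFF06019",
    "2021-06-30T10:00:41Z C:\\Windows\\System32\\notepad.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
    "2021-06-30T10:00:42Z C:\\Users\\victim\\AppData\\Local\\Temp\\x.tmp "
    "md5=3ec9a559d4ba30557916e9dbcba6daa9",
]
FILE_RE = re.compile(r"^(\S+) (.+) (md5|sha1|sha256|sha512)=([0-9A-Fa-f]+)$")


def scan_file_log(lines=FILE_LOG, hashes=SAMPLE_HASHES):
    """Return paths whose logged digest, under whichever algorithm the source
    recorded, equals the sample's; hex case is normalised before comparing."""
    hits = []
    for line in lines:
        m = FILE_RE.match(line)
        if not m:
            continue
        path, alg, digest = m.group(2), m.group(3), m.group(4).lower()
        if hashes.get(alg) == digest:
            hits.append(path)
    return hits


if __name__ == "__main__":
    print("IOC table well-formed:", hashes_well_formed())
    for line, reason in scan_proxy_log():
        print(f"C2 hit ({reason}): {line}")
    for path in scan_file_log():
        print(f"sample hash hit: {path}")
```

Two design points worth noting: the host match deliberately covers subdomains and normalises case and the trailing dot, because a blocklist keyed on the exact string "rdanoriran.xyz" misses "RDANORIRAN.XYZ." and "cdn.rdanoriran.xyz"; and a hash hit is accepted under whichever of the four algorithms a log source happens to record, which is why the report's MD5, SHA1 and SHA512 are kept alongside the SHA256.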
Targets

Target: e358fd349ec54deaa1a4926892dd9e1e261777976f78f87627e54e3cbff06019
RedLine
RedLine Stealer is a malware family written in C# (.NET), first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext called on a thread in another process is a typical step of process hollowing and other thread-hijacking injection: the target thread is left suspended and its register context is rewritten so that it resumes in injected code. It is a heuristic indicator, not proof of injection on its own; debuggers and some runtimes call it legitimately.