General
Target: mixazed_20210706-183043
Size: 1.4MB
Sample: 210706-8efzcnd8pj
MD5: 97afea1db16077be6b8d3a57f9b7a037
SHA1: 540610e535d1a0cfac3725fd4d49fc2894665cf8
SHA256: 97f6f4bd2bc1104bbe4c1b3cfe8ac386e8b4a35f0c9d2b63bcee04afea965965
SHA512: 5938a2236cc6ac61977a42c4547ecc6e9c20c5cca29cb3e114970f90b28fe0daced06ee70490a604a0dbcee01565d5f6b1b49bf518ddcada1a50f9cc107d3a27
Static task: static1
Behavioral task: behavioral1
Sample: mixazed_20210706-183043.exe
Resource: win7v20210410

Malware Config
Extracted: redline
3
185.215.113.46:61707
Targets
Target: mixazed_20210706-183043 (same sample as listed under General; size and hashes identical)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Executes dropped EXE

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext