General
- Target: 5af2d4f23b526022e3446bf28928983a.exe
- Size: 547KB
- Sample: 210706-e2grwzk4lx
- MD5: 5af2d4f23b526022e3446bf28928983a
- SHA1: efcb1386b7d4ef0d92df1456434dd38cbd30ff2a
- SHA256: a5a1d72b8d7045cf92e3fc39b72cf251a015464f1f7920aa028b341d3f646ee8
- SHA512: 0e942d17469ba7e9714a36144ba2ebdcaf25122449249e238e28c17e6c130c5c855992f29b95d96b45f3235a1cca84f21b1761f33d28e2ffc0292675d02e030b

Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 5af2d4f23b526022e3446bf28928983a.exe
  - Resource: win7v20210410

Malware Config
- Extracted: redline
  - 777
  - 193.188.21.24:21977
Targets
- Target: 5af2d4f23b526022e3446bf28928983a.exe
- Signatures:
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine Payload
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext