General
Target: 1acc21279a17e3c916fede86ef4f8a66.exe
Size: 608KB
Sample: 210706-rpk47yk56x
MD5: 1acc21279a17e3c916fede86ef4f8a66
SHA1: 04cdbd056d8cfff49c51e96d7ab3ce771bc12753
SHA256: 2e641d4ca1ec2d70e05dcfea340e14375c20cc66dcb964c003a43a71ae8ea911
SHA512: 396d6e11555d8ff17684f190e11843ed352079aa5d784a144dd9d02465881e5eac0616cfee27dafc1cc18362b87a22da03e3de758d5f19c52fc3b8ebf143105a
Static task: static1
Behavioral task: behavioral1
Sample: 1acc21279a17e3c916fede86ef4f8a66.exe
Resource: win7v20210410

Malware Config
Extracted family: redline
Botnet: 777
C2: 193.124.57.88:14540
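The C2 address above is the most directly actionable indicator in this report. The following is an added example, not part of the sandbox output, showing how an analyst would sweep connection logs for it. It assumes Zeek conn.log-style tab-separated records (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto); the log lines embedded in the block are constructed for illustration, and only the C2 host and port come from the report.

```python
"""Sweep connection-log lines for the RedLine C2 extracted from this sample.

Added example, not part of the sandbox report. Only the C2 address
193.124.57.88:14540 comes from the report; the log lines are constructed.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# From the report's "Malware Config" section.
REDLINE_C2 = ("193.124.57.88", 14540)


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def parse_conn_line(line: str) -> Optional[Conn]:
    """Parse one Zeek-style conn.log record (assumed column order:
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).

    Returns None for comment/header lines and for malformed records
    (too few columns, non-numeric port) so one bad line cannot abort a sweep.
    """
    if not line or line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    try:
        return Conn(fields[0], fields[2], int(fields[3]),
                    fields[4], int(fields[5]), fields[6])
    except ValueError:
        return None


def scan_conn_log(lines: Iterable[str],
                  c2: Tuple[str, int] = REDLINE_C2) -> Tuple[List[Conn], List[Conn]]:
    """Return (exact, host_only) matches against the extracted C2.

    'exact' requires both host and port, which ties the hit to the extracted
    config. 'host_only' catches traffic to the same host on another port
    (operators sometimes rotate ports but keep the server) and is reported
    separately so analysts can weight it lower.
    """
    exact: List[Conn] = []
    host_only: List[Conn] = []
    for line in lines:
        conn = parse_conn_line(line)
        if conn is None or conn.dst != c2[0]:
            continue
        (exact if conn.dport == c2[1] else host_only).append(conn)
    return exact, host_only


# Constructed sample log: one exact C2 hit, one DNS lookup, one same-host
# connection on a different port, one malformed line.
SAMPLE_CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1625573000.1\tCxa1\t10.0.0.5\t49812\t193.124.57.88\t14540\ttcp
1625573001.2\tCxa2\t10.0.0.5\t49813\t8.8.8.8\t53\tudp
1625573002.3\tCxa3\t10.0.0.7\t49901\t193.124.57.88\t443\ttcp
garbage line
""".splitlines()


if __name__ == "__main__":
    exact, host_only = scan_conn_log(SAMPLE_CONN_LOG)
    for c in exact:
        print(f"C2 HIT    {c.ts} {c.src}:{c.sport} -> {c.dst}:{c.dport}/{c.proto}")
    for c in host_only:
        print(f"SAME HOST {c.ts} {c.src}:{c.sport} -> {c.dst}:{c.dport}/{c.proto}")
```

The exact host-and-port match is what the extracted config supports; the host-only bucket is a lower-confidence pivot and should be reviewed rather than alerted on automatically.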
Targets
Target: 1acc21279a17e3c916fede86ef4f8a66.exe (608KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry (the per-application subkeys under Software\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.
Suspicious use of SetThreadContext: the API redirects a thread's execution and is commonly seen when a payload is injected into, or hollowed out of, another process.