General
Target: e02a33e22776a56ea53ccd8f9d1afa7e
Size: 358KB
Sample: 210707-fds75mm292
MD5: e02a33e22776a56ea53ccd8f9d1afa7e
SHA1: 5b09b60da63a4170e1a8385faa5de64739e66386
SHA256: f9c2f3c090ddc6fcf53b1a8704164658c4e8bfee2215e5a3af8642da9e2b7b78
SHA512: 4ca5dc7ee4205fb11bc1f8fa2f640fde2aa5a2aa6d7ac0ddb1cb600b12b5ccf3cc4d55cbaf26064556edc5bdaf5fa17bce0d55559f36f02a0ae99831b2998328
Static task: static1
Behavioral task: behavioral1
Sample: e02a33e22776a56ea53ccd8f9d1afa7e.exe
Resource: win7v20210410
Malware Config
Extracted: redline
PROLIV_8K
45.144.29.224:23426
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext