General

Target: mixazed_20210714-163432
Size: 225KB
Sample: 210714-7we9t1zeke
MD5: 56a632be6c6d5904301e78f739cefd73
SHA1: acb64f79993625f0da05207f0ba7f26517786fdb
SHA256: 1c11dfc196eca178e505a906b57afbb27a84a19b0fc64ca6977ad99230b459ef
SHA512: 99db44d1cc4cd6d7661d5a54bb60469b6cd42921f52a5e7b56513a6f3423a5ef73297055a86005ed0d0d37b9bf9de3334b6dcc1a70b8466c0d309814e3244796
Static task: static1
Behavioral task: behavioral1 (sample mixazed_20210714-163432.exe, resource win7v20210410)
Behavioral task: behavioral2 (sample mixazed_20210714-163432.exe, resource win10v20210408)
Malware Config

Extracted family: redline
Botnet: club78
C2: 91.219.62.16:33526
Targets

Target: mixazed_20210714-163432 (225KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

RedLine Payload

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which can rename entities and obfuscate control flow.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Suspicious use of SetThreadContext
SetThreadContext rewrites another thread's register state; outside debuggers it is most often seen redirecting execution into an injected or process-hollowed payload, so treat it as a possible injection step rather than a standalone verdict.
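The report's indicators only pay off once they are turned into checks. The Python below is an added example by the editor, not code from Triage or from the sample's author. It turns the four digests into an exact-sample match, turns the extracted C2 endpoint into a network-log check that requires both host and port to agree, and implements the "Checks installed software" behaviour as a detection over registry-access events (many distinct product subkeys read under an Uninstall hive by one image). The CSV event lines are constructed for this example; their column names, the product names under Uninstall and the threshold of five subkeys are assumptions, not a real Sysmon schema or a tuned rule.

```python
"""Hunting helpers built from the indicators in the sandbox report above.

Added example; not Triage's code and not derived from the sample itself.
The CSV logs are constructed to resemble Sysmon network-connection and
registry-access events exported to CSV. Column names are an assumption.
"""
import csv
import hashlib
import io
from collections import defaultdict

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "56a632be6c6d5904301e78f739cefd73",
    "sha1": "acb64f79993625f0da05207f0ba7f26517786fdb",
    "sha256": "1c11dfc196eca178e505a906b57afbb27a84a19b0fc64ca6977ad99230b459ef",
    "sha512": "99db44d1cc4cd6d7661d5a54bb60469b6cd42921f52a5e7b56513a6f3423a5ef73297055a86005ed0d0d37b9bf9de3334b6dcc1a70b8466c0d309814e3244796",
}
C2_HOST, C2_PORT = "91.219.62.16", 33526
# Substring shared by HKLM, HKCU and WOW6432Node variants of the Uninstall hive.
UNINSTALL_MARK = "\\CurrentVersion\\Uninstall\\"


def digests(data):
    """Compute the same four digests the report lists, for arbitrary bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data):
    """Exact-sample check: every digest of the bytes must equal the report's value."""
    return digests(data) == REPORT_HASHES


def c2_hits(csv_text):
    """Return (ts, image) for each connection to the extracted C2 endpoint.

    Host and port must both match: the same host on 443 is not the C2 as
    configured in this sample and should be tracked as a separate indicator.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["dst_ip"] == C2_HOST and int(row["dst_port"]) == C2_PORT:
            hits.append((row["ts"], row["image"]))
    return hits


def uninstall_enumerators(csv_text, threshold=5):
    """Map image -> count of distinct Uninstall product subkeys it read,
    keeping only images at or above threshold.

    One read is routine (installers, Settings); a burst across many product
    subkeys is the software-enumeration behaviour the report flags.
    """
    products = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = row["target_object"]
        pos = key.upper().find(UNINSTALL_MARK.upper())
        if pos == -1:
            continue  # not under an Uninstall hive (e.g. ...\CurrentVersion\Run)
        product = key[pos + len(UNINSTALL_MARK):].split("\\", 1)[0]
        products[row["image"]].add(product)
    return {img: len(s) for img, s in products.items() if len(s) >= threshold}


# ---- constructed sample events (assumed layout, not from the sandbox run) ----
SAMPLE = r"C:\Users\user\Desktop\mixazed_20210714-163432.exe"
UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

NETWORK_LOG = rf"""ts,image,src_ip,src_port,dst_ip,dst_port,proto
2021-07-14T16:34:40Z,{SAMPLE},10.0.0.5,49210,91.219.62.16,33526,tcp
2021-07-14T16:34:41Z,C:\Program Files\Mozilla Firefox\firefox.exe,10.0.0.5,49211,93.184.216.34,443,tcp
2021-07-14T16:34:45Z,{SAMPLE},10.0.0.5,49212,91.219.62.16,33526,tcp
2021-07-14T16:35:02Z,C:\Windows\System32\svchost.exe,10.0.0.5,49213,91.219.62.16,443,tcp
"""

REGISTRY_LOG = rf"""ts,image,target_object
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\7-Zip\DisplayName
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\7-Zip\DisplayVersion
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\Google Chrome\DisplayName
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\Mozilla Firefox 89.0\DisplayName
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\VLC media player\DisplayName
2021-07-14T16:34:35Z,{SAMPLE},{UNINST}\Notepad++\DisplayName
2021-07-14T16:34:36Z,{SAMPLE},HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Python 3.9.6\DisplayName
2021-07-14T16:34:36Z,C:\Windows\System32\SystemSettings.exe,{UNINST}\Google Chrome\DisplayName
2021-07-14T16:34:37Z,{SAMPLE},HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
"""

if __name__ == "__main__":
    print("C2 connections:", c2_hits(NETWORK_LOG))
    print("Uninstall enumerators:", uninstall_enumerators(REGISTRY_LOG))
```

To check a file on disk against the report, pass `open(path, "rb").read()` to `matches_report`; any single differing digest is a different build, not this sample. The registry heuristic counts distinct product subkeys rather than raw reads, so the two reads of `7-Zip` above count once, and the `\Run` line is ignored because it is not under an Uninstall hive.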