General
- Target: e7159045fdcc60709a383b499babb67269dc4f5f2cfb0.exe
- Size: 156KB
- Sample: 210718-t3y24h475s
- MD5: 707b7a4f6897dfda1902302e6302223b
- SHA1: 0520dc9a893b80a9299172087c0a86cc6179a75e
- SHA256: e7159045fdcc60709a383b499babb67269dc4f5f2cfb01d21d6753555d1e41e6
- SHA512: 3b2d8458023af7d2ed959cc05dccab4b44f211a24d9bf1e24211b47307924502e5c736a51a9aead09db00a759bd948775d512d20f78719e14662a58f069be965
Static task: static1
Behavioral task: behavioral1
- Sample: e7159045fdcc60709a383b499babb67269dc4f5f2cfb0.exe
- Resource: win7v20210408

Malware Config
Extracted
- redline
- comelekko
- 194.233.74.11:58910
Targets
- Target: e7159045fdcc60709a383b499babb67269dc4f5f2cfb0.exe
- Size: 156KB
- MD5: 707b7a4f6897dfda1902302e6302223b
- SHA1: 0520dc9a893b80a9299172087c0a86cc6179a75e
- SHA256: e7159045fdcc60709a383b499babb67269dc4f5f2cfb01d21d6753555d1e41e6
- SHA512: 3b2d8458023af7d2ed959cc05dccab4b44f211a24d9bf1e24211b47307924502e5c736a51a9aead09db00a759bd948775d512d20f78719e14662a58f069be965
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext