General

Target: Zz7RR7rXlZGNlYe2MPaS__R2.exe
Size: 364KB
Sample: 210720-spk9c6xc6x
MD5: feae24e878230fff4bad62996c1d0325
SHA1: 1191311e26f9909341da8982934863dfa3089992
SHA256: 0afeecacdddfdd9a9609abba82f70ccfd06d668536b09220c34e807e5f3b8557
SHA512: 0ae2dd7e3c95dbfe425eeb22e7ba4b0688f06df026513bac786fe9f60868594a316333f646128188e8b911c6682e7603670ee20673a9f8f320a2626ba7fe7575

Static task: static1

Behavioral task: behavioral1
Sample: Zz7RR7rXlZGNlYe2MPaS__R2.exe
Resource: win7v20210410
Malware Config

Extracted
Family: redline
Botnet: sel17
C2: dwarimlari.xyz:80
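The extracted configuration and the hash set above are the report's actionable indicators. The following script is an added example, not part of the sandbox report or of RedLine: it verifies that a file on disk really is the sample listed here (all four digests must agree) and hunts the extracted C2 host in proxy or DNS logs. The log lines are constructed for the example; they were not captured from this run.

```python
"""Turn this report's indicators into checks: verify a file's hashes, hunt the C2 host in logs."""
import hashlib
import re
import sys
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report above: the four digests of the sample and the extracted RedLine C2.
REPORTED_HASHES = {
    "md5": "feae24e878230fff4bad62996c1d0325",
    "sha1": "1191311e26f9909341da8982934863dfa3089992",
    "sha256": "0afeecacdddfdd9a9609abba82f70ccfd06d668536b09220c34e807e5f3b8557",
    "sha512": "0ae2dd7e3c95dbfe425eeb22e7ba4b0688f06df026513bac786fe9f60868594a"
              "316333f646128188e8b911c6682e7603670ee20673a9f8f320a2626ba7fe7575",
}
REDLINE_C2 = "dwarimlari.xyz:80"

# Constructed squid-style access.log lines for the example; not taken from the sandbox run.
SAMPLE_PROXY_LOG = [
    "1626790101.123 312 10.0.0.15 TCP_MISS/200 1840 POST http://dwarimlari.xyz:80/ - HIER_DIRECT/203.0.113.9 -",
    "1626790102.456 120 10.0.0.15 TCP_MISS/200 5120 GET http://www.example.com/ - HIER_DIRECT/93.184.216.34 text/html",
    "1626790103.789 90 10.0.0.22 TCP_MISS/200 640 GET http://dwarimlari.xyz/api/ - HIER_DIRECT/203.0.113.9 -",
    "1626790104.001 50 10.0.0.22 TCP_MISS/200 640 GET http://dwarimlari.xyz.example.net/ - HIER_DIRECT/198.51.100.7 -",
]


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split a host:port string as the sandbox prints it into (host, port)."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower(), int(port)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, reported: Dict[str, str] = REPORTED_HASHES) -> bool:
    """True only if every reported digest agrees; one mismatch means a different file."""
    computed = hash_bytes(data)
    return all(computed[name] == value.lower() for name, value in reported.items())


def c2_host_pattern(host: str) -> "re.Pattern[str]":
    """Match the host, or any subdomain of it, as a whole DNS name.

    A trailing dot (DNS logs), a :port or a path may follow; a longer name such as
    host.example.net must not match, otherwise look-alike domains produce false hits.
    """
    return re.compile(r"(?<![\w-])(?:[\w-]+\.)*" + re.escape(host) + r"(?!\.?[\w-])", re.IGNORECASE)


def find_c2_contacts(log_lines: Iterable[str], c2: str = REDLINE_C2) -> List[str]:
    """Return the log lines that reference the C2 host on any port."""
    host, _port = parse_c2(c2)
    pattern = c2_host_pattern(host)
    return [line for line in log_lines if pattern.search(line)]


if __name__ == "__main__":
    host, port = parse_c2(REDLINE_C2)
    print(f"C2 host={host} port={port}")
    for hit in find_c2_contacts(SAMPLE_PROXY_LOG):
        print("C2 contact:", hit)
    if len(sys.argv) > 1:  # optional: path of a file to compare against the report's hashes
        with open(sys.argv[1], "rb") as f:
            print("file matches report:", matches_report(f.read()))
```

Matching on the host rather than on host:80 is deliberate: the port in an extracted config is the one this build was given, and the same host can be reached on other ports or via DNS before any connection is made.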
Targets

Target: Zz7RR7rXlZGNlYe2MPaS__R2.exe (364KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (the ...\Microsoft\Windows\CurrentVersion\Uninstall keys under HKLM, including WOW6432Node, and HKCU) to enumerate the software installed on the system.

Suspicious use of SetThreadContext
Rewriting another thread's context is the step that process hollowing and similar injection techniques use to redirect a suspended process into an injected payload. On its own it is a heuristic; confirm it against the process tree and memory dumps from the behavioral task.
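To show what the Uninstall-key walk described above actually yields, the following is an added example (not code from the report or from RedLine): it parses the text format of a `reg export` of those keys and lists every subkey that carries a DisplayName, which is the inventory a direct registry read produces. The registry paths are the standard Windows ones; the exported text is constructed for the example, and a real export is UTF-16 with a BOM and must be decoded before being fed to the parser.

```python
"""Parse a 'reg export' of the Uninstall keys and list the software a registry walk would see."""
import re
from typing import Dict, List

# The three Uninstall keys a direct registry read covers: 64-bit native, 32-bit redirected, per-user.
UNINSTALL_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
]

# Constructed sample in the .reg text format (already decoded to str); not from a real host.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 19.00 (x64)"
"DisplayVersion"="19.00"
"Publisher"="Igor Pavlov"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}]
"DisplayName"="Adobe Acrobat Reader DC"
"DisplayVersion"="21.005.20048"
"Publisher"="Adobe Systems Incorporated"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB123456]
"SystemComponent"=dword:00000001
"DisplayName"="Hidden Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeStub]
"UninstallString"="C:\\stub\\uninst.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord]
"DisplayName"="Discord"
"DisplayVersion"="1.0.9002"
"""

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def _decode_reg_value(raw: str):
    """Decode the value syntax of a .reg export: quoted strings and dword: hex values."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw  # hex:, hex(2): and other types are left undecoded


def parse_reg_export(text: str) -> Dict[str, Dict[str, object]]:
    """Parse reg export text into {key_path: {value_name: value}}."""
    keys: Dict[str, Dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = _decode_reg_value(m.group(2))
    return keys


def installed_software(reg: Dict[str, Dict[str, object]]) -> List[Dict[str, object]]:
    """One record per Uninstall subkey that carries a DisplayName, sorted by name."""
    parents = {k.upper() for k in UNINSTALL_KEYS}
    found = []
    for path, values in reg.items():
        parent, _, subkey = path.rpartition("\\")
        if parent.upper() not in parents:
            continue
        name = values.get("DisplayName")
        if not name:
            continue  # subkeys without a DisplayName are invisible to such a walk
        found.append({
            "subkey": subkey,
            "name": name,
            "version": values.get("DisplayVersion", ""),
            "publisher": values.get("Publisher", ""),
            # Programs and Features hides SystemComponent=1 entries; a raw registry read does not.
            "hidden_in_ui": values.get("SystemComponent") == 1,
        })
    return sorted(found, key=lambda r: str(r["name"]).lower())


if __name__ == "__main__":
    for rec in installed_software(parse_reg_export(SAMPLE_REG_EXPORT)):
        flag = " (hidden in Programs and Features)" if rec["hidden_in_ui"] else ""
        print(f"{rec['name']} {rec['version']} [{rec['publisher']}]{flag}")
```

The point for an analyst is the gap between the UI view and the registry view: the stealer's inventory includes entries marked SystemComponent that Programs and Features never displays, so when reconciling exfiltrated software lists against a host, compare against the registry, not the control panel.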