General

Target: a61f6f94009c04607f1ba923adcaba0d.exe
Size: 796KB
Sample: 210722-585yx5xsz2
MD5: a61f6f94009c04607f1ba923adcaba0d
SHA1: 71b964ba1d7a6ddcebb9fadf29efba3f440c00af
SHA256: 36022c868a49fc44968f6647239106f536b2cae40340ad69e3772f7be482daf7
SHA512: 0d108e686fa33405b2deb127de0cb4ab60d9960d1af43ea4886496f8249c131da8a5a378b6f61b3d8e09179a295e2a7365b01d2db22d0fd916ce3190904a97dd
Static task: static1

Behavioral task: behavioral1
  Sample: a61f6f94009c04607f1ba923adcaba0d.exe
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: a61f6f94009c04607f1ba923adcaba0d.exe
  Resource: win10v20210410
Malware Config

Extracted
  Family: redline
  Botnet: @bestiefFcs
  C2: 37.46.128.72:29799
Targets

Target: a61f6f94009c04607f1ba923adcaba0d.exe
Size: 796KB
MD5: a61f6f94009c04607f1ba923adcaba0d
SHA1: 71b964ba1d7a6ddcebb9fadf29efba3f440c00af
SHA256: 36022c868a49fc44968f6647239106f536b2cae40340ad69e3772f7be482daf7
SHA512: 0d108e686fa33405b2deb127de0cb4ab60d9960d1af43ea4886496f8249c131da8a5a378b6f61b3d8e09179a295e2a7365b01d2db22d0fd916ce3190904a97dd
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Looks for VMware Tools registry key
  Reads the VMware Tools key under HKLM\SOFTWARE, which is only present when VMware Tools is installed; a common check for a virtual machine before the stealer runs.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext
  Rewriting a thread's context is the usual way injected or hollowed code gets its entry point set before the thread is resumed.
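The behaviours the sandbox flagged above can be expressed as a few host-based rules. The following is an added example written for this page, not Triage's signature logic or RedLine's own code: it replays a constructed event trace through a small matcher for the VMware Tools registry probe, the Uninstall key enumeration, wallet file access, SetThreadContext use and the C2 from the extracted config. The event format, the wallet file paths and the requirement that SetThreadContext target another process are assumptions made here.

```python
"""Tiny signature matcher that replays the behaviours this report flags over a
constructed event trace.  Example code written for this page, not Triage's or
RedLine's own logic.  Event format, wallet paths and the cross-process
condition on SetThreadContext are assumptions made here."""
import re
from dataclasses import dataclass
from typing import Dict, List

# C2 taken from the extracted RedLine config in the report above.
C2_HOST, C2_PORT = "37.46.128.72", 29799

# HKLM\SOFTWARE\VMware, Inc.\VMware Tools exists only when VMware Tools is
# installed, so probing it is a cheap "am I in a VM?" check.
VMWARE_TOOLS_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?VMware, Inc\.\\VMware Tools", re.IGNORECASE)
# Subkeys of ...\Uninstall hold one entry per installed program.
UNINSTALL_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\", re.IGNORECASE)
# Assumed wallet locations (Bitcoin Core, Exodus, Electrum); not from the report.
WALLET_RE = re.compile(r"(\\wallet\.dat$|\\Exodus\\|\\Electrum\\wallets\\)", re.IGNORECASE)


@dataclass
class Event:
    pid: int
    kind: str            # "reg" | "file" | "api" | "net"
    target: str = ""     # registry path, file path, or remote address
    api: str = ""        # API name when kind == "api"
    target_pid: int = 0  # process the API acts on (0 = own process)
    port: int = 0        # remote port when kind == "net"


def match_signatures(events: List[Event]) -> Dict[int, List[str]]:
    """Return a sorted list of matched signature names per pid."""
    hits: Dict[int, set] = {}
    for ev in events:
        sigs = hits.setdefault(ev.pid, set())
        if ev.kind == "reg":
            if VMWARE_TOOLS_RE.search(ev.target):
                sigs.add("Looks for VMware Tools registry key")
            elif UNINSTALL_RE.search(ev.target):
                sigs.add("Checks installed software on the system")
        elif ev.kind == "file" and WALLET_RE.search(ev.target):
            sigs.add("Accesses cryptocurrency files/wallets")
        elif ev.kind == "api" and ev.api == "SetThreadContext":
            # Rewriting a thread context in another process is the classic
            # hollowing/injection tell; same-process use is ignored here.
            if ev.target_pid not in (0, ev.pid):
                sigs.add("Suspicious use of SetThreadContext")
        elif ev.kind == "net" and (ev.target, ev.port) == (C2_HOST, C2_PORT):
            sigs.add(f"Connects to RedLine C2 {C2_HOST}:{C2_PORT}")
    return {pid: sorted(s) for pid, s in hits.items()}


# Constructed trace: pid 1204 is the stager, 2044 the process it writes into,
# 3300 benign noise that touches a Run key and must not fire anything.
SAMPLE_TRACE = [
    Event(1204, "reg", r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools"),
    Event(1204, "reg", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    Event(1204, "file", r"C:\Users\victim\AppData\Roaming\Bitcoin\wallets\wallet.dat"),
    Event(1204, "api", api="CreateProcess", target_pid=2044),
    Event(1204, "api", api="SetThreadContext", target_pid=2044),
    Event(2044, "net", "37.46.128.72", port=29799),
    Event(3300, "reg", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

if __name__ == "__main__":
    for pid, sigs in match_signatures(SAMPLE_TRACE).items():
        print(pid, sigs or ["no signature"])
```

Running the script prints the four signatures for pid 1204, the C2 hit for the child 2044 and nothing for the benign process. The single-key rules are deliberately loose, which is why a sandbox verdict rests on the combination (VM check, software enumeration, wallet access, cross-process thread manipulation, known C2) rather than any one of them.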