General
Target: usfive_20210722-081943
Size: 233KB
Sample: 210722-6hv44abjsj
MD5: be15a91a3cddd3a3ba758832d1e7a515
SHA1: ce2bd92b5759a6481b6ff0be18643df2307e16f4
SHA256: 85468a1878e4cc6b61461ca9c5acfed71c58eb8307c278fe8a1657cc4d607f53
SHA512: d2b0bc331ae2c3169e8913d34e43a2b745f0b4f9023263008c9a31809a60eb656b50990d5b4a9eaefa641abd9bd252d19c7785cc3910d3643c7ecbb7c7a1282f
Static task: static1
Behavioral task: behavioral1 (sample usfive_20210722-081943.exe, resource win7v20210410)
Malware Config
Extracted family: redline
Botnet: lujo
C2: 45.67.228.116:49859
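As an added example (not part of the sandbox report or of any vendor tooling), the indicators above turned into a small Python IOC matcher: it hashes a file against the reported MD5/SHA1/SHA256 and scans Zeek-style conn.log rows for traffic to the extracted C2. Only the hashes and the C2 host:port come from the report; the conn.log excerpt and the file bytes are constructed for the demonstration.

```python
"""IOC matcher for the RedLine sample in this report.

Added example, not part of the sandbox report. The hashes and the C2
host:port are copied from the report above; the Zeek-style conn.log
rows below are constructed, not real telemetry.
"""
import hashlib
from typing import Dict, Iterable, List

# Indicators copied from the report.
IOC_HASHES = {
    "md5": "be15a91a3cddd3a3ba758832d1e7a515",
    "sha1": "ce2bd92b5759a6481b6ff0be18643df2307e16f4",
    "sha256": "85468a1878e4cc6b61461ca9c5acfed71c58eb8307c278fe8a1657cc4d607f53",
}
C2_HOST = "45.67.228.116"
C2_PORT = 49859


def digest_file(data: bytes) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals one of the reported hashes."""
    d = digest_file(data)
    return any(d[algo] == value for algo, value in IOC_HASHES.items())


def scan_conn_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Scan Zeek conn.log rows for connections to the C2 host.

    Rows are tab-separated; the first six columns are
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p.
    Every connection to the C2 IP is returned; `port_match` records
    whether it also used the extracted port, so a hit on the same host
    over a different port still surfaces for review.
    """
    hits = []
    for line in lines:
        if not line or line.startswith("#"):  # skip Zeek header lines
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 6:
            continue
        ts, uid, src, _sport, dst, dport = fields[:6]
        if dst == C2_HOST:
            hits.append({
                "ts": ts,
                "uid": uid,
                "src": src,
                "dst": dst,
                "dport": int(dport),
                "port_match": int(dport) == C2_PORT,
            })
    return hits


# Constructed conn.log excerpt (timestamps around 2021-07-22 08:20 UTC).
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1626942000.1\tCa1\t10.0.0.5\t51012\t142.250.74.78\t443\ttcp",
    "1626942005.7\tCb2\t10.0.0.5\t51044\t45.67.228.116\t49859\ttcp",
    "1626942010.2\tCc3\t10.0.0.7\t51090\t45.67.228.116\t80\ttcp",
]

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(hit)
    print("constructed bytes match sample:", matches_sample(b"not the sample"))
```

Matching on the C2 IP rather than only on host:port is deliberate: the port in an extracted config is a point-in-time value, while a connection to the same host on another port is still worth a look.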
Targets
Target: usfive_20210722-081943
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Signatures:
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall hive and its WOW6432Node counterpart) to enumerate software on the system.
- Suspicious use of SetThreadContext: rewriting another thread's context is characteristic of process injection and hollowing, where a suspended thread is pointed at injected code before it is resumed.