General
- Target: mixazed_20210722-085032
- Size: 1.1MB
- Sample: 210722-nz64n9s91j
- MD5: ff6f0a35a5c1198e8b0f72822acf90c0
- SHA1: 1a26b1307b1a9c4ca699eeffe316ca5ee696b4bd
- SHA256: 5d3c164a69533582e2fcaaf4d39165a1eeba9c63d1b4a81971e5f2f7ab19513a
- SHA512: c1f4469570c7b2a899615a9099f5eecdc284d879d26b11ab599e76257c2c7e823c01d64fb864588ecd98ab2ef610cd3d34a2f4c2e1ccf2378bfdbe49568654b8
Static task: static1

Behavioral task: behavioral1
- Sample: mixazed_20210722-085032.exe
- Resource: win7v20210408

Behavioral task: behavioral2
- Sample: mixazed_20210722-085032.exe
- Resource: win10v20210410
Malware Config
Extracted
- Family: redline
- Nerino 10k
- salanoajalio.xyz:80
Targets
- Target: mixazed_20210722-085032
- Size: 1.1MB
- MD5: ff6f0a35a5c1198e8b0f72822acf90c0
- SHA1: 1a26b1307b1a9c4ca699eeffe316ca5ee696b4bd
- SHA256: 5d3c164a69533582e2fcaaf4d39165a1eeba9c63d1b4a81971e5f2f7ab19513a
- SHA512: c1f4469570c7b2a899615a9099f5eecdc284d879d26b11ab599e76257c2c7e823c01d64fb864588ecd98ab2ef610cd3d34a2f4c2e1ccf2378bfdbe49568654b8
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext