General

Target: d2792e1448fdf7a225b51b4688b855c9.exe
Size: 176KB
Sample: 210722-tnelct4ky2
MD5: d2792e1448fdf7a225b51b4688b855c9
SHA1: 5e00613e000595c45914848ef69b820208c19eba
SHA256: 02e9bbebcc372e37d18f0dfed9c2dc5e50a23b7305aa3527accedba48bbd8432
SHA512: 6de5d993a70604c26be7b2ea6b069ee17abf5df412a43bdc9812d7403925d383d12be07c35a712f6dfca79e43ecc362c3135cd8eb27a0ec690ca46394dcb9215

Static task: static1
Behavioral task: behavioral1
Sample: d2792e1448fdf7a225b51b4688b855c9.exe
Resource: win7v20210410

Malware Config

Extracted
Family: redline
Botnet ID: z0rm1on
C2: 77.220.213.35:52349
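As an added worked example (not part of the sandbox report), the extracted indicators above turned into a small Python IOC matcher: it compares a byte string's digests against all four reported hashes and scans connection log lines for the C2 endpoint, flagging an exact IP:port match separately from an IP-only match. The `dst=IP:PORT` log format and the sample log lines are constructed for the demo, not telemetry from the analysis.

```python
"""IOC matcher built from the RedLine report above.

Added example, not sandbox output. Hashes and C2 endpoint come from the
report; the log format and log lines below are constructed for the demo.
"""
import hashlib
import re

# Indicators taken from the report.
SAMPLE_HASHES = {
    "md5": "d2792e1448fdf7a225b51b4688b855c9",
    "sha1": "5e00613e000595c45914848ef69b820208c19eba",
    "sha256": "02e9bbebcc372e37d18f0dfed9c2dc5e50a23b7305aa3527accedba48bbd8432",
    "sha512": "6de5d993a70604c26be7b2ea6b069ee17abf5df412a43bdc9812d7403925d383d"
              "12be07c35a712f6dfca79e43ecc362c3135cd8eb27a0ec690ca46394dcb9215",
}
C2_IP = "77.220.213.35"
C2_PORT = 52349


def hashes_of(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def matches_sample(data: bytes) -> bool:
    """True only if every digest of data equals the reported sample's digest.

    Checking all four algorithms guards against a mistyped or truncated IOC;
    any single mismatch means this is not the reported file.
    """
    digests = hashes_of(data)
    return all(digests[a] == SAMPLE_HASHES[a] for a in SAMPLE_HASHES)


# Assumption for this example: connection logs carry a "dst=IP:PORT" field.
_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_c2_hits(log_lines):
    """Scan connection log lines for the reported C2.

    Returns a list of (line_number, verdict): 'c2' for an exact IP:port
    match, 'c2_ip_only' when only the IP matches (lower confidence, since
    the port may differ from the one in this config, but still worth triage).
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = _DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        if ip != C2_IP:
            continue
        hits.append((n, "c2" if port == C2_PORT else "c2_ip_only"))
    return hits


# Constructed Sysmon-style network events; not from the report.
SAMPLE_LOG = [
    "2021-07-22T14:01:03Z evt=NetworkConnect proc=d2792e1448fdf7a225b51b4688b855c9.exe dst=77.220.213.35:52349",
    "2021-07-22T14:01:05Z evt=NetworkConnect proc=chrome.exe dst=142.250.74.46:443",
    "2021-07-22T14:02:11Z evt=NetworkConnect proc=svchost.exe dst=77.220.213.35:80",
    "2021-07-22T14:02:12Z evt=ProcessCreate proc=notepad.exe",
]

if __name__ == "__main__":
    for n, verdict in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {SAMPLE_LOG[n - 1]}")
```

Feed `matches_sample` the bytes of a suspect file (for example via `open(path, "rb").read()`) and `find_c2_hits` any line-oriented connection log that exposes the destination as `dst=IP:PORT`; adjust `_DST_RE` for other formats.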
Targets

Target: d2792e1448fdf7a225b51b4688b855c9.exe
Size: 176KB
MD5: d2792e1448fdf7a225b51b4688b855c9
SHA1: 5e00613e000595c45914848ef69b820208c19eba
SHA256: 02e9bbebcc372e37d18f0dfed9c2dc5e50a23b7305aa3527accedba48bbd8432
SHA512: 6de5d993a70604c26be7b2ea6b069ee17abf5df412a43bdc9812d7403925d383d12be07c35a712f6dfca79e43ecc362c3135cd8eb27a0ec690ca46394dcb9215
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (for example HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext is the API that injection techniques such as process hollowing use to redirect a suspended thread's entry point to injected code; outside debuggers, legitimate software rarely calls it.