General
-
Target
f471bf615ef92f5ee73b48fe203373de
-
Size
365KB
-
Sample
210722-tpjvs6dbx2
-
MD5
f471bf615ef92f5ee73b48fe203373de
-
SHA1
11f0b6de8d4baf8e039f6244438ebb05bc589923
-
SHA256
d5608cba3115764a7758fa21c3e2f69724418dc48a8d0f5aaabe7efb71e2f28f
-
SHA512
f06355be0e0e4f7996412c23f3feb703c4181678fbbe655cb9dad9e07c07186f7f5d9ae91e4cf33daaacdc29519bc0b5c047ee365e7ae19948c2b4074794738d
Static task
static1
Behavioral task
behavioral1
Sample
f471bf615ef92f5ee73b48fe203373de.exe
Resource
win7v20210410
Malware Config
Extracted
Family
redline
Botnet
MARA
C2
kurinogti.info:80
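The report gives three things a responder can pivot on immediately: the sample's MD5/SHA1/SHA256 and the extracted RedLine C2 host and port. The script below is an added example, not part of the original report or of any sandbox tooling; it turns those indicators into an offline hunt over an EDR-style file inventory and key=value network log lines. The inventory paths, timestamps, IPs and the key=value log layout are constructed for the example and are assumptions, as is the choice of which fields (DNS query, HTTP Host, TLS SNI) may carry a hostname. Hostnames are compared on DNS-label boundaries so that a lookalike such as `notkurinogti.info` or `kurinogti.info.example.net` does not match while a real subdomain does.

```python
"""Offline hunt built from this report's indicators (added example, not part of
the original report). Matches a file inventory against the sample's hashes and
scans key=value network log lines for the extracted RedLine C2 host.
The inventory and log lines are constructed; the log layout is an assumption."""
from __future__ import annotations

import re

# Indicators copied from the report.
REPORT_HASHES = {
    "f471bf615ef92f5ee73b48fe203373de",                                  # MD5
    "11f0b6de8d4baf8e039f6244438ebb05bc589923",                          # SHA1
    "d5608cba3115764a7758fa21c3e2f69724418dc48a8d0f5aaabe7efb71e2f28f",  # SHA256
}
C2_HOST = "kurinogti.info"
C2_PORT = 80

HEX_HASH = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")
KV = re.compile(r"(\w+)=(\S+)")
# Log fields that may carry a hostname: DNS query, HTTP Host header, TLS SNI (assumed names).
HOST_FIELDS = ("query", "host", "server_name")

# Constructed EDR-style inventory: path -> recorded hash (MD5, SHA1 or SHA256). Paths are invented.
FILE_INVENTORY = {
    r"C:\Windows\System32\notepad.exe": "d41d8cd98f00b204e9800998ecf8427e",
    r"C:\Users\alice\Downloads\setup_x86.exe":
        "D5608CBA3115764A7758FA21C3E2F69724418DC48A8D0F5AAABE7EFB71E2F28F",
    r"C:\Users\bob\AppData\Local\Temp\tmp1234.exe": "11f0b6de8d4baf8e039f6244438ebb05bc589923",
    r"C:\Users\bob\Desktop\notes.txt": "not-a-hash",
}

# Constructed log lines; timestamps, source IPs and field layout are invented for the example.
LOG_LINES = [
    "2021-07-22T10:01:03Z src=10.0.0.12 dns query=kurinogti.info type=A",
    "2021-07-22T10:01:04Z src=10.0.0.12 http host=kurinogti.info dst_port=80 method=POST uri=/",
    "2021-07-22T10:01:09Z src=10.0.0.12 tls server_name=cdn.kurinogti.info dst_port=443",
    "2021-07-22T10:02:00Z src=10.0.0.13 http host=notkurinogti.info dst_port=80 method=GET uri=/",
    "2021-07-22T10:02:30Z src=10.0.0.14 dns query=kurinogti.info.example.net type=A",
    "2021-07-22T10:03:00Z src=10.0.0.15 http host=www.example.com dst_port=80 method=GET uri=/",
]


def file_hits(inventory: dict[str, str], known: set[str] = REPORT_HASHES) -> list[str]:
    """Paths whose recorded hash (any of MD5/SHA1/SHA256, any case) is in the report."""
    hits = []
    for path, digest in inventory.items():
        digest = digest.strip().lower()
        if HEX_HASH.match(digest) and digest in known:
            hits.append(path)
    return hits


def host_matches(host: str, indicator: str = C2_HOST) -> bool:
    """Exact or subdomain match on DNS-label boundaries, case-insensitive, trailing dot ignored."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def network_hits(lines: list[str]) -> list[tuple[int, str, bool]]:
    """(line number, matched host, destination port equals the report's C2 port)."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(KV.findall(line))
        host = next((fields[f] for f in HOST_FIELDS if f in fields), None)
        if host is None or not host_matches(host):
            continue
        port = fields.get("dst_port", "")
        port_ok = port.isdigit() and int(port) == C2_PORT
        hits.append((n, host.lower().rstrip("."), port_ok))
    return hits


if __name__ == "__main__":
    for path in file_hits(FILE_INVENTORY):
        print("file hit:", path)
    for n, host, port_ok in network_hits(LOG_LINES):
        print(f"network hit: line {n} host={host} c2_port={'yes' if port_ok else 'no'}")
```

The port is reported alongside each host match rather than used as a filter: the domain is the durable indicator, while a RedLine operator can move the listener to another port without touching the domain, so a hit on a different port still deserves a look.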
Targets
-
Target
f471bf615ef92f5ee73b48fe203373de
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
SetThreadContext rewrites a thread's saved register state, including its instruction pointer. Legitimate software rarely calls it on another process; it is the usual final step of process hollowing, where a payload written into a suspended process is started by redirecting that process's main thread.
-