General
Target: cb97d7578c07fbadf1d6655faf4230cb.exe
Size: 370KB
Sample: 210723-dhwdvmcgaj
MD5: cb97d7578c07fbadf1d6655faf4230cb
SHA1: 54b971448bcfb6a913e460ce4aec72bf131103a9
SHA256: 35db5b59f62e3dc3187c543b4e5cd623f5c3905f89ae046877c2fa5b69cf5e39
SHA512: 10cddef68909644c66d1d241a249e1db1b344ef57cabe9247b05b9168e1fe20092711f43bceba1244f8d8d54495fca1b15c8f0aa31067942aaa7a26ab6f2df2a
Static task: static1
Behavioral task: behavioral1
Sample: cb97d7578c07fbadf1d6655faf4230cb.exe
Resource: win7v20210408
Malware Config
Extracted
Family: redline
sel20
dwarimlari.xyz:80
Targets
Target: cb97d7578c07fbadf1d6655faf4230cb.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext