General

Target: 9E410393702B6902ABDE53FC8B588527.exe
Size: 2.3MB
Sample: 210725-9te4m6zab6
MD5: 9e410393702b6902abde53fc8b588527
SHA1: 0a4d2250a4d47e4e9993e0e806545d8731fe5b35
SHA256: 89b9fae297db7b35a1749f0a6c6e322ab31ae7dfc8e877cd48ee9f0119fe94c2
SHA512: 66353988d7a905232f1a7462397c4cc1eba7eed1a819a6f5ed22ddff050f97624a702d3780c535eef08eac0bebde1b9d4a92f08c35fcab266e6a77ab3c5f5386
Static task: static1

Behavioral task: behavioral1
  Sample: 9E410393702B6902ABDE53FC8B588527.exe
  Resource: win7v20210410

Behavioral task: behavioral2
  Sample: 9E410393702B6902ABDE53FC8B588527.exe
  Resource: win10v20210408
Malware Config

Extracted
Family: redline
Botnet: @menvzlomali
C2: xetadycami.xyz:80
Targets

Target: 9E410393702B6902ABDE53FC8B588527.exe
Size: 2.3MB
MD5: 9e410393702b6902abde53fc8b588527
SHA1: 0a4d2250a4d47e4e9993e0e806545d8731fe5b35
SHA256: 89b9fae297db7b35a1749f0a6c6e322ab31ae7dfc8e877cd48ee9f0119fe94c2
SHA512: 66353988d7a905232f1a7462397c4cc1eba7eed1a819a6f5ed22ddff050f97624a702d3780c535eef08eac0bebde1b9d4a92f08c35fcab266e6a77ab3c5f5386
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020. It is sold as malware-as-a-service and collects browser-saved credentials and cookies, cryptocurrency wallet files and a system inventory from the infected host, then sends them to its C2.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate software on the system.
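The two behaviour signatures above (Uninstall-key enumeration and wallet file access) and the extracted C2 can be re-checked against a sandbox API-call trace. The following is an added example and is not the report's own signature code or anything from the RedLine family: it assumes a hypothetical trace format of tab-separated pid, API name and argument, and the trace it runs on is constructed for this example rather than recorded from the sample on this page.

```python
"""
Added example (not part of the sandbox report or of any RedLine tooling):
re-implements the report's "Checks installed software on the system" and
"Accesses cryptocurrency files/wallets" signatures, plus a match of the
extracted C2, as checks over a sandbox API-call trace.

Assumptions: trace lines are tab-separated <pid>, <api>, <argument> fields
(a hypothetical format chosen for this example), and SAMPLE_TRACE below is
a CONSTRUCTED trace, not behaviour recorded from the sample on the page.
"""
import re

# Registry APIs whose argument is a key path, and the Uninstall key they must
# hit (native view, or the WOW6432Node view for 32-bit software on 64-bit Windows).
REGISTRY_READ_APIS = {"RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExA",
                      "RegEnumKeyExW", "NtOpenKey", "NtEnumerateKey"}
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# File-open APIs and path fragments of common desktop wallets (an illustrative
# subset, not the stealer's real target list).
FILE_OPEN_APIS = {"CreateFileA", "CreateFileW", "NtCreateFile", "NtOpenFile"}
WALLET_PATH_RES = [re.compile(p, re.IGNORECASE) for p in (
    r"\\Exodus\\exodus\.wallet\\",
    r"\\Electrum\\wallets\\",
    r"\\Ethereum\\keystore\\",
    r"\\Bitcoin\\wallets\\",
    r"\\wallet\.dat$",
)]

NETWORK_APIS = {"getaddrinfo", "GetAddrInfoW", "connect", "WSAConnect",
                "InternetConnectW"}

SAMPLE_TRACE = "\n".join([  # constructed for this example
    "1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234\tRegEnumKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234\tRegOpenKeyExW\tHKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall",
    "1234\tCreateFileW\tC:\\Users\\user\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "1234\tCreateFileW\tC:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet",
    "1234\tCreateFileW\tC:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
    "1234\tgetaddrinfo\txetadycami.xyz",
    "1234\tconnect\txetadycami.xyz:80",
    "5678\tRegOpenKeyExW\tHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
])


def parse_trace(text):
    """Parse trace lines into (pid, api, argument) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, arg = line.split("\t", 2)
        events.append((int(pid), api, arg))
    return events


def checks_installed_software(events):
    """'Checks installed software on the system': any registry open/enumerate
    of a CurrentVersion\\Uninstall key in either registry view."""
    return any(api in REGISTRY_READ_APIS and UNINSTALL_KEY_RE.search(arg)
               for _, api, arg in events)


def wallet_files_accessed(events):
    """'Accesses cryptocurrency files/wallets': file opens under known wallet paths."""
    return [arg for _, api, arg in events
            if api in FILE_OPEN_APIS and any(r.search(arg) for r in WALLET_PATH_RES)]


def c2_contacts(events, c2):
    """Network-API arguments naming the extracted C2 host, with or without its port."""
    host = c2.lower().split(":")[0]
    return [arg for _, api, arg in events
            if api in NETWORK_APIS and arg.lower().split(":")[0] == host]


def triage(text, c2):
    """Run all three checks over a trace and return a signature -> finding map."""
    events = parse_trace(text)
    return {
        "Checks installed software on the system": checks_installed_software(events),
        "Accesses cryptocurrency files/wallets": wallet_files_accessed(events),
        "Contacts extracted C2": c2_contacts(events, c2),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_TRACE, "xetadycami.xyz:80").items():
        print(f"{name}: {finding}")
```

The Chrome "Login Data" open in the constructed trace is deliberately left unmatched: browser credential theft is a separate signature, and keeping the wallet patterns narrow is what makes the "Accesses cryptocurrency files/wallets" hit meaningful rather than a generic file-access alert. The C2 match compares only the host so that a DNS lookup and the later connect both count.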