General
- Target: 11E87734F6FE3E23919BF2E3F227C0E4.exe
- Size: 2.8MB
- Sample: 210726-mele6w531s
- MD5: 11e87734f6fe3e23919bf2e3f227c0e4
- SHA1: a7a0fe43cb86e3f78f7e68d7b3b3ad2b6754619f
- SHA256: 2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640
- SHA512: dfc937be57900a52cff8cab2d61b1316955c50fa9508ef538b54fb14f7d14f8f861715d8307c120d9b9567c9e2f87a9e1105216e51d7d500e7caaaa7a96514d7
Static task: static1
Behavioral task: behavioral1
- Sample: 11E87734F6FE3E23919BF2E3F227C0E4.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 11E87734F6FE3E23919BF2E3F227C0E4.exe
- Resource: win10v20210408
Malware Config
- Extracted: redline
- 185.215.113.32:14976
Targets
- Target: 11E87734F6FE3E23919BF2E3F227C0E4.exe
- Size: 2.8MB
- MD5: 11e87734f6fe3e23919bf2e3f227c0e4
- SHA1: a7a0fe43cb86e3f78f7e68d7b3b3ad2b6754619f
- SHA256: 2ab38fdbe562dd5a6be9651562e1523dbf7f3fd7d720d57bc9a25b0e2b665640
- SHA512: dfc937be57900a52cff8cab2d61b1316955c50fa9508ef538b54fb14f7d14f8f861715d8307c120d9b9567c9e2f87a9e1105216e51d7d500e7caaaa7a96514d7
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext