General
Target: 3ea681f7-da05-43ee-b4c9-acdee8c2f47c
Size: 723KB
Sample: 210726-q32cl1z9ga
MD5: 5c7a96e9e751658f051daa79ac1e4cf0
SHA1: 786f93d12910979c125ae6de7335d1aa80b5ed3e
SHA256: a6d3f74228ee18a19579010cd5fe3cc98f2c53dc43452325ba57a69f1253d7a5
SHA512: e624b68903efab2b7cd287b8c48e8afb08399770d0533238de2d0e17944dde9d8587041de81499b8c8b737bdbfb9e87f06539cdfff5c0d8da2713916512e0de9
Static task: static1
Behavioral task: behavioral1
Sample: 3ea681f7-da05-43ee-b4c9-acdee8c2f47c.exe
Resource: win7v20210410
Malware Config
Extracted family: redline
C2: stanntinab.xyz:80
The host and port come from the configuration extracted out of the sample, so they are the network indicator to hunt on. The port number alone says nothing about the protocol, so filter on the host rather than assuming ordinary web traffic.
Targets
Target: 3ea681f7-da05-43ee-b4c9-acdee8c2f47c (723KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the equivalent HKCU and WOW6432Node paths) to enumerate software on the system. This is the same key the Programs and Features control panel reads, so the access pattern, not the key itself, is what makes it suspicious: a freshly dropped binary walking every subkey and reading DisplayName values is fingerprinting the host.
Suspicious use of SetThreadContext
SetThreadContext overwrites another thread's register state, including its instruction pointer. Outside debuggers it is characteristic of process hollowing: the loader starts a process suspended, replaces its image with the payload, points the primary thread at the new entry point with SetThreadContext and resumes it. When reviewing the behavioral log, check which process the call targeted and whether that process was created by the sample with CREATE_SUSPENDED.
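The two behavioral signatures above can be reproduced from an API-call trace. The script below is an added example, not part of this sandbox report or of any vendor's detection engine: it runs over a constructed trace whose layout (pid, API name, argument string with `pid=`/`flags=` fields) is an assumption made for the example, and flags the Uninstall-key walk and a CREATE_SUSPENDED-then-SetThreadContext hollowing chain while ignoring a thread-context call a process makes on itself.

```python
"""Behavioral-trace triage for the two signatures listed in the report.

Added example: the trace format and every log line below are constructed for
illustration. Real sandbox exports carry the same fields in a different layout.
"""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # CreateProcess creation flag

UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\b", re.IGNORECASE)
PID_ARG = re.compile(r"\bpid=(\d+)")
FLAGS_ARG = re.compile(r"\bflags=(0x[0-9a-fA-F]+|\d+)")

# Stages of the classic hollowing sequence, in the order they must appear
# against the same suspended target process.
HOLLOW_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace: (caller pid, API name, argument string).
TRACE = [
    (1204, "RegOpenKeyExW", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1204, "RegEnumKeyExW", "index=0"),
    (1204, "RegEnumKeyExW", "index=1"),
    (1204, "RegQueryValueExW", "DisplayName"),
    (1204, "CreateProcessW", r"image=C:\target.exe flags=0x4 pid=2120"),  # CREATE_SUSPENDED
    (1204, "NtUnmapViewOfSection", "pid=2120"),
    (1204, "VirtualAllocEx", "pid=2120 protect=PAGE_EXECUTE_READWRITE"),
    (1204, "WriteProcessMemory", "pid=2120 size=0x6a000"),
    (1204, "SetThreadContext", "pid=2120 tid=2124"),
    (1204, "ResumeThread", "pid=2120 tid=2124"),
    (3300, "SetThreadContext", "pid=3300 tid=3304"),  # self-targeted: not hollowing
]


def uninstall_enumeration(trace):
    """Return pids that open an Uninstall key and then enumerate subkeys under it."""
    opened = set()
    flagged = set()
    for pid, api, args in trace:
        if api.startswith("RegOpenKeyEx") and UNINSTALL_KEY.search(args):
            opened.add(pid)
        elif api.startswith("RegEnumKeyEx") and pid in opened:
            flagged.add(pid)
    return sorted(flagged)


def hollowing_chains(trace):
    """Return (source_pid, target_pid) pairs that complete a hollowing chain.

    The target must have been created by the source with CREATE_SUSPENDED, and
    WriteProcessMemory, SetThreadContext and ResumeThread must then hit that
    target in that order. Calls a process makes against its own pid are ignored.
    """
    suspended = {}            # target pid -> pid that created it suspended
    seen = defaultdict(dict)  # (source, target) -> {stage: first trace index}
    for idx, (pid, api, args) in enumerate(trace):
        m = PID_ARG.search(args)
        target = int(m.group(1)) if m else None
        if api.startswith("CreateProcess") and target is not None:
            f = FLAGS_ARG.search(args)
            flags = int(f.group(1), 0) if f else 0
            if flags & CREATE_SUSPENDED:
                suspended[target] = pid
        elif api in HOLLOW_STAGES and target is not None and target != pid:
            if suspended.get(target) == pid:
                seen[(pid, target)].setdefault(api, idx)
    chains = []
    for key, stages in seen.items():
        positions = [stages.get(stage) for stage in HOLLOW_STAGES]
        if None not in positions and positions == sorted(positions):
            chains.append(key)
    return sorted(chains)


def triage(trace):
    """Map each signature name, as the report lists it, to the evidence found."""
    return {
        "Checks installed software on the system": uninstall_enumeration(trace),
        "Suspicious use of SetThreadContext": hollowing_chains(trace),
    }


if __name__ == "__main__":
    for name, hits in triage(TRACE).items():
        print(f"{name}: {hits or 'no hit'}")
```

Requiring the creation flag and the stage order is what keeps the SetThreadContext rule from firing on debuggers, profilers and self-targeted calls; in a real trace the `pid=` of the CreateProcess line comes from the returned PROCESS_INFORMATION, not from the arguments, so adapt the parser to where your sandbox records it.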