General

Target: 704DF199EB1B0154A645C60364A8A28C.exe
Size: 943KB
Sample: 210726-seqzjxs24e
MD5: 704df199eb1b0154a645c60364a8a28c
SHA1: 5810a3118f77af1e9b2ea0c0a658244a1b6d2de6
SHA256: 7a875017c121897c46818f9388f3c8cad4ac574a3b217c1a056f74b333f138c6
SHA512: 70b3eccce060dc43bac69f4aaacf646d64d96314edd4bb2e45543d41bd5fa0546e314420f1ec6fee33fb7ecf48284b415a4de864c681aaec817fcd3db535c53e

Static task: static1
Behavioral task: behavioral1
  Sample: 704DF199EB1B0154A645C60364A8A28C.exe
  Resource: win7v20210410

Malware Config

Extracted
Family: redline
Botnet: Game#2
C2: 185.170.213.254:56663
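The hashes and the extracted C2 above are the indicators a SOC would hunt with. The Python below is an added example, not part of the sandbox report: it turns those indicators into a small matcher and runs it over a handful of constructed Sysmon-style events (the key=value layout, the EventID numbering and the field names are an assumption for illustration, not real telemetry). It flags both the exact C2 socket and, more weakly, any traffic to the C2 host on another port, since stealer C2 ports change between builds.

```python
"""IOC matcher for the RedLine sample in this report (added example, not from the
sandbox report). Indicator values come from the report; the log lines are
constructed to imitate Sysmon-style key=value events and are NOT real telemetry."""
import re

# Indicators taken from the report above
SAMPLE_HASHES = {
    "md5": "704df199eb1b0154a645c60364a8a28c",
    "sha1": "5810a3118f77af1e9b2ea0c0a658244a1b6d2de6",
    "sha256": "7a875017c121897c46818f9388f3c8cad4ac574a3b217c1a056f74b333f138c6",
}
C2_IP = "185.170.213.254"
C2_PORT = 56663

# Constructed sample events (assumption: simplified Sysmon-like key=value lines;
# EventID 3 = network connection, EventID 1 = process create carrying a Hashes field)
SAMPLE_LOGS = [
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\704DF199EB1B0154A645C60364A8A28C.exe "
    "DestinationIp=185.170.213.254 DestinationPort=56663 Protocol=tcp",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=185.170.213.254 DestinationPort=443 Protocol=tcp",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe "
    "DestinationIp=13.107.4.50 DestinationPort=80 Protocol=tcp",
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\setup.exe "
    "Hashes=MD5=704DF199EB1B0154A645C60364A8A28C,"
    "SHA256=7A875017C121897C46818F9388F3C8CAD4AC574A3B217C1A056F74B333F138C6",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=MD5=0123456789ABCDEF0123456789ABCDEF",
]

# A value runs until the next " key=" token or end of line, so paths with spaces survive.
_KV = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_event(line):
    """Split one key=value log line into a dict (values may contain spaces)."""
    return {m.group(1): m.group(2) for m in _KV.finditer(line)}


def parse_hashes(field):
    """Sysmon's Hashes field is 'ALG=HEX,ALG=HEX'; normalise algorithm and hex to lowercase."""
    out = {}
    for part in field.split(","):
        alg, _, value = part.partition("=")
        if value:
            out[alg.strip().lower()] = value.strip().lower()
    return out


def match_event(event):
    """Return human-readable hits for one parsed event (empty list if clean)."""
    hits = []
    if event.get("EventID") == "3":
        ip, port, image = event.get("DestinationIp"), event.get("DestinationPort"), event.get("Image")
        if ip == C2_IP and port == str(C2_PORT):
            hits.append(f"C2 connection {C2_IP}:{C2_PORT} from {image}")
        elif ip == C2_IP:
            # Weaker signal: same host, different port. Worth a look, not an automatic verdict.
            hits.append(f"contact with C2 host {C2_IP} on unexpected port {port} from {image}")
    if "Hashes" in event:
        seen = parse_hashes(event["Hashes"])
        for alg, known in SAMPLE_HASHES.items():
            if seen.get(alg) == known:
                hits.append(f"{alg} matches sample: {event.get('Image')}")
                break  # one matching digest is enough; don't report the same file three times
    return hits


def scan(lines):
    """Run match_event over every line; return [(line_number, hit), ...]."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for hit in match_event(parse_event(line)):
            findings.append((line_no, hit))
    return findings


if __name__ == "__main__":
    # Expected: hits on lines 1 (exact C2 socket), 2 (C2 host, other port) and 4 (MD5 match)
    for line_no, hit in scan(SAMPLE_LOGS):
        print(f"line {line_no}: {hit}")
```

Hash matching is only useful while the exact file is in circulation; RedLine builds are repacked constantly, so the C2 host and the extracted botnet tag usually outlive any one hash.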
Targets

Target: 704DF199EB1B0154A645C60364A8A28C.exe (943KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.

Suspicious use of SetThreadContext
SetThreadContext is typically used by a loader to point a suspended thread at injected code (process hollowing / RunPE style injection); the report does not name the target process.