General
- Target: ad54fbfa5cd265112f67ea1b4d2e95a7.exe
- Size: 739KB
- Sample: 210727-58znhm85d2
- MD5: ad54fbfa5cd265112f67ea1b4d2e95a7
- SHA1: b92e996cffa1ad3b6e6a0c439f1bf21c72ccce51
- SHA256: 57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482
- SHA512: d4a4fc1b25f2f51f5ce6d40dc7277ee51af5004630449595348406663892ed4f2849bd3417b3e484ff409263083833a8c2c00d6758549bd92a901956a48afaf6
Static task
- static1
Behavioral task
- behavioral1: Sample ad54fbfa5cd265112f67ea1b4d2e95a7.exe, Resource win7v20210410
Behavioral task
- behavioral2: Sample ad54fbfa5cd265112f67ea1b4d2e95a7.exe, Resource win10v20210408
Malware Config
Extracted
- redline
- @MrHaluyepp
- 185.80.234.77:17105
Targets
- Target: ad54fbfa5cd265112f67ea1b4d2e95a7.exe
- Size: 739KB
- MD5: ad54fbfa5cd265112f67ea1b4d2e95a7
- SHA1: b92e996cffa1ad3b6e6a0c439f1bf21c72ccce51
- SHA256: 57430cbbfebdef7c54698b00102dbd2098aef53ba4bd5fa43660c2e306f53482
- SHA512: d4a4fc1b25f2f51f5ce6d40dc7277ee51af5004630449595348406663892ed4f2849bd3417b3e484ff409263083833a8c2c00d6758549bd92a901956a48afaf6
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext