General
- Target: a1a005a4d811a9d28e788f9f259bc779.exe
- Size: 114KB
- Sample: 210727-7hrg9x4mre
- MD5: a1a005a4d811a9d28e788f9f259bc779
- SHA1: 2b3dd21fabda2d3be84bc60e26f53d995514ab0b
- SHA256: 4cb49a8991c4cb4b86302e68dc84ed87fb8890abb4627f8e8a589d4d4b15412c
- SHA512: 389d8515d766c7cf3d43bc5d8289890117db25fb632bfb0fb3d96e82596248c8d225157e3eb2528c8dbaf8d2a52386680480581bb9fef4aa177199e676ed2b7c
- Static task: static1
- Behavioral task: behavioral1
- Sample: a1a005a4d811a9d28e788f9f259bc779.exe
- Resource: win7v20210408
Malware Config
- Extracted: redline
- poir
- 194.33.45.147:46868
Targets
- Target: a1a005a4d811a9d28e788f9f259bc779.exe (114KB; same MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext