General
-
Target
215780b0ede9fa802540127e703d19db.exe
-
Size
191KB
-
Sample
210727-pxtadm1h4x
-
MD5
215780b0ede9fa802540127e703d19db
-
SHA1
21b73769af967c94bc9ca2ce734c60ae858d12fd
-
SHA256
ede58b194ccbae4f7791de9dc2dff85077c69065061d44585e7f2410efbca877
-
SHA512
aeeafe0b87be2984a23dd838166acb5ea4e6b4e3e126cdf0401f498df7feff4f1b44f3641d4a52619d3b80b5c9a2ddb9b07c411e2ecaa7f8380ce86687e39cbf
Static task
static1
Behavioral task
behavioral1
Sample
215780b0ede9fa802540127e703d19db.exe
Resource
win7v20210410
Malware Config
Extracted
redline
727
qumaranero.xyz:80
Targets
-
-
Target
215780b0ede9fa802540127e703d19db.exe
-
Size
191KB
-
MD5
215780b0ede9fa802540127e703d19db
-
SHA1
21b73769af967c94bc9ca2ce734c60ae858d12fd
-
SHA256
ede58b194ccbae4f7791de9dc2dff85077c69065061d44585e7f2410efbca877
-
SHA512
aeeafe0b87be2984a23dd838166acb5ea4e6b4e3e126cdf0401f498df7feff4f1b44f3641d4a52619d3b80b5c9a2ddb9b07c411e2ecaa7f8380ce86687e39cbf
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-