General
Target: system.zip
Size: 10.2MB
Sample: 210727-sr2axec1ws
MD5: d0e380eaaa9acbab5a7b46335ca80ff3
SHA1: b58302b536f10ade5b9de0648bcb564421be7195
SHA256: 4602481a7b412f265ef10b4199eebdef8035f9ea47870507c53e1be14cd8c36b
SHA512: 020afdb29a290256baa99af06b6306754c8102a06a0fd9b429c0cbfd4c92936009990e316e4264e6da2bacf8ec68d2c2406c6024420432aaae4d22d360d99a0f
Static task: static1
Behavioral task: behavioral1
  Sample: CODUnlockAllTool.exe
  Resource: win10v20210410
Behavioral task: behavioral2
  Sample: system.dll
  Resource: win10v20210410
Malware Config
Extracted: redline
  @keciler1
  dishontesa.xyz:80
Targets
Target: CODUnlockAllTool.exe
Size: 365KB
MD5: 14c3638c64de46bee97333288e6ffc63
SHA1: b487c650206783a25a5aeeceaf266da8edbb9d77
SHA256: 5ebd4e341126782acf0e2ae9878cc590b8e0bb4e4bcaa1cf9d4caedd50819646
SHA512: d3129c607fa276246539358bb592207b05a945738836df85e44f8e8366717ecbddf6ba421ac8e055a406ad93a0391118335fe662b9825c5f36bfa2dba07645e3
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
Target: system.dll
Size: 10.3MB
MD5: 491bd2e961c6fe528e82baa12c198018
SHA1: 3ee364791dac102a4491f0e13a8dfbc5f0ee94a8
SHA256: 229b3dfbee8168608f983c089f9d0c07127523859e102d9e1efaac018b5d3650
SHA512: d63dd8ac173ab04cc74c42f17695c75a0d8e81edad53133f1fb63b428e4f480f90767aa515ee9e1be92f3cd4fb30f13b03f8bee57f3bf6b7d21c789515fb3134
Score: 1/10