General
-
Target
b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe
-
Size
262KB
-
Sample
210731-v6ebqxj6z6
-
MD5
b7db02446d1f0cc21a2259227b021313
-
SHA1
77099382728356ad71d80226c90754a75e29fb06
-
SHA256
b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2
-
SHA512
10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0
Static task
static1
Behavioral task
behavioral1
Sample
b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe
Resource
win7v20210410
Malware Config
Extracted
redline
youngboy
176.57.69.178:59510
Targets
-
-
Target
b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe
-
Size
262KB
-
MD5
b7db02446d1f0cc21a2259227b021313
-
SHA1
77099382728356ad71d80226c90754a75e29fb06
-
SHA256
b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2
-
SHA512
10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-