General
- Target: 4d97a3f97aeeebb6e15603acba4108e09254581222131.exe
- Size: 377KB
- Sample: 210801-fhftpzm7pa
- MD5: a03809a5458f9f12ea149bdfe0db7c1d
- SHA1: 38351e59798b861e2386c48fc5133af681464e2a
- SHA256: 4d97a3f97aeeebb6e15603acba4108e0925458122213136d3a15e7283569512c
- SHA512: 1a75674adb9dd00a9ee97a56fa354683611800f5fc336cc741d11943659761038fd169f73a1f65aafeda074658ee795ef414b6a701bf0bbc4f33fb53867fb115
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 4d97a3f97aeeebb6e15603acba4108e09254581222131.exe
  - Resource: win7v20210408
Behavioral task
- behavioral2
  - Sample: 4d97a3f97aeeebb6e15603acba4108e09254581222131.exe
  - Resource: win10v20210408
Malware Config
Extracted
- redline
- Version 4.02
- 149.202.65.221:64206
Targets
- Target: 4d97a3f97aeeebb6e15603acba4108e09254581222131.exe
- Size: 377KB
- MD5: a03809a5458f9f12ea149bdfe0db7c1d
- SHA1: 38351e59798b861e2386c48fc5133af681464e2a
- SHA256: 4d97a3f97aeeebb6e15603acba4108e0925458122213136d3a15e7283569512c
- SHA512: 1a75674adb9dd00a9ee97a56fa354683611800f5fc336cc741d11943659761038fd169f73a1f65aafeda074658ee795ef414b6a701bf0bbc4f33fb53867fb115
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext