General
-
Target
70b6050624c2833c34181a75275a609a.exe
-
Size
1.2MB
-
Sample
210804-jvze7zn6jn
-
MD5
70b6050624c2833c34181a75275a609a
-
SHA1
bafdf7ba1adc69ba408f892d4067dd950307cfcc
-
SHA256
1ba0e44040e713ddc5dea6e5645c58f2c4131d907343e4eb67b3c704bdd2d4d8
-
SHA512
07180cc89ab0c8108a0ff60c173aaee1879b4478b4fc8885bba1ec67694a40bf1f80f001cad07fa1873bc05c492decbcab0dca094fd8f96bd754b775299afd79
Static task
static1
Behavioral task
behavioral1
Sample
70b6050624c2833c34181a75275a609a.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
70b6050624c2833c34181a75275a609a.exe
Resource
win10v20210410
Malware Config
Extracted
redline
Build Smailik
195.149.87.79:12439
Targets
-
-
Target
70b6050624c2833c34181a75275a609a.exe
-
Size
1.2MB
-
MD5
70b6050624c2833c34181a75275a609a
-
SHA1
bafdf7ba1adc69ba408f892d4067dd950307cfcc
-
SHA256
1ba0e44040e713ddc5dea6e5645c58f2c4131d907343e4eb67b3c704bdd2d4d8
-
SHA512
07180cc89ab0c8108a0ff60c173aaee1879b4478b4fc8885bba1ec67694a40bf1f80f001cad07fa1873bc05c492decbcab0dca094fd8f96bd754b775299afd79
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-