General
-
Target
0E20CF739B29D8CEC327FB844EC14768.exe
-
Size
277KB
-
Sample
210809-w526bxwrd6
-
MD5
0e20cf739b29d8cec327fb844ec14768
-
SHA1
29780b98a0ff2d007e4a57d8ab3c508a05ac05fb
-
SHA256
6df12a8a4199cfbcb9a3b846e9ed77ad34a434a9d34364f5d54df78f20b95701
-
SHA512
adcc18bc6dec04dde919ab2ea432344347b498f511a4f6a89ace766b50cb76b888cf122e1246ea1c602aa89fb1c303b2cb74c4fa72f7cc123b8b6c205a8c6772
Static task
static1
Behavioral task
behavioral1
Sample
0E20CF739B29D8CEC327FB844EC14768.exe
Resource
win7v20210408
Malware Config
Extracted
redline
UPD
193.56.146.78:54955
Targets
-
-
Target
0E20CF739B29D8CEC327FB844EC14768.exe
-
Size
277KB
-
MD5
0e20cf739b29d8cec327fb844ec14768
-
SHA1
29780b98a0ff2d007e4a57d8ab3c508a05ac05fb
-
SHA256
6df12a8a4199cfbcb9a3b846e9ed77ad34a434a9d34364f5d54df78f20b95701
-
SHA512
adcc18bc6dec04dde919ab2ea432344347b498f511a4f6a89ace766b50cb76b888cf122e1246ea1c602aa89fb1c303b2cb74c4fa72f7cc123b8b6c205a8c6772
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-