General

Target: 3760fafd1e5ee645aaef604ff52ffa90b563bc13bfbc18e9b3af523b3ebf20b5
Size: 796KB
Sample: 210811-nc5f7qn1qj
MD5: a974c0caddd12b9920902ef72ffdad0c
SHA1: bf559198597d137f81eb52e1071389de96514ab4
SHA256: 3760fafd1e5ee645aaef604ff52ffa90b563bc13bfbc18e9b3af523b3ebf20b5
SHA512: 8d3e5d97380919592ce4123cbc7e0a25665aa5d0f0fd55a3b1553b341689d441278f46898f72e1faedce1a8b84dd7a35d6a9c32399e74df967b5d3e9d80bb729

Static task: static1

Malware Config

Extracted:
redline
RUZ
sandedean.xyz:80
Targets

Target: 3760fafd1e5ee645aaef604ff52ffa90b563bc13bfbc18e9b3af523b3ebf20b5
Size: 796KB
MD5: a974c0caddd12b9920902ef72ffdad0c
SHA1: bf559198597d137f81eb52e1071389de96514ab4
SHA256: 3760fafd1e5ee645aaef604ff52ffa90b563bc13bfbc18e9b3af523b3ebf20b5
SHA512: 8d3e5d97380919592ce4123cbc7e0a25665aa5d0f0fd55a3b1553b341689d441278f46898f72e1faedce1a8b84dd7a35d6a9c32399e74df967b5d3e9d80bb729

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext