General
-
Target
4d4bc0c39fc901c1a86ef43fc3bf189a.exe
-
Size
743KB
-
Sample
210811-skj5dsny9s
-
MD5
4d4bc0c39fc901c1a86ef43fc3bf189a
-
SHA1
4736a94c30917e695ebf58f674632575e383d571
-
SHA256
1db3436f625cebe977fb3a664dda374d3873e50d4f4f46c50a258949905f7494
-
SHA512
62bcb7214a1f7c3143ee69f4b188cfea38369d2d7b736891bc1a280334cfd2c31d994f99a1da890203ea638ff17b82c4481f765de4bb9ff3b37dcdc11f46dee6
Static task
static1
Behavioral task
behavioral1
Sample
4d4bc0c39fc901c1a86ef43fc3bf189a.exe
Resource
win7v20210408
Malware Config
Extracted
redline
RUZ
sandedean.xyz:80
Targets
-
-
Target
4d4bc0c39fc901c1a86ef43fc3bf189a.exe
-
Size
743KB
-
MD5
4d4bc0c39fc901c1a86ef43fc3bf189a
-
SHA1
4736a94c30917e695ebf58f674632575e383d571
-
SHA256
1db3436f625cebe977fb3a664dda374d3873e50d4f4f46c50a258949905f7494
-
SHA512
62bcb7214a1f7c3143ee69f4b188cfea38369d2d7b736891bc1a280334cfd2c31d994f99a1da890203ea638ff17b82c4481f765de4bb9ff3b37dcdc11f46dee6
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-