General
-
Target
fb8e7a36384ca11de03bc1d2069b8c94.exe
-
Size
591KB
-
Sample
210814-zf9fscqe46
-
MD5
fb8e7a36384ca11de03bc1d2069b8c94
-
SHA1
f786750b3a23a55ab5ec8f66ff2b55ccf95948cc
-
SHA256
7c2cbe5164554e712ea378315877d206e69ad6baefa7426451dfc5d85fbc06fa
-
SHA512
93489ef0f742a09d979f6e3a16590f5a1eb9516d2dfde5680b08238e15a9a7946d319d9b2a2041ffea386063e9b9909bbc5100af3906eca41c0e726b63397eba
Static task
static1
Behavioral task
behavioral1
Sample
fb8e7a36384ca11de03bc1d2069b8c94.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
fb8e7a36384ca11de03bc1d2069b8c94.exe
Resource
win10v20210410
Malware Config
Extracted
redline
@big_tastyyy
glokartenu.xyz:80
Targets
-
-
Target
fb8e7a36384ca11de03bc1d2069b8c94.exe
-
Size
591KB
-
MD5
fb8e7a36384ca11de03bc1d2069b8c94
-
SHA1
f786750b3a23a55ab5ec8f66ff2b55ccf95948cc
-
SHA256
7c2cbe5164554e712ea378315877d206e69ad6baefa7426451dfc5d85fbc06fa
-
SHA512
93489ef0f742a09d979f6e3a16590f5a1eb9516d2dfde5680b08238e15a9a7946d319d9b2a2041ffea386063e9b9909bbc5100af3906eca41c0e726b63397eba
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-