General
-
Target
dcf84c21_eY_nx8sntA
-
Size
587KB
-
Sample
210816-qv1m6lqdse
-
MD5
dcf84c217bf5be49d9db99bb5a295897
-
SHA1
0cda4df173173098271056cce845a62e7e4a5483
-
SHA256
47f301e20b3b3bcbaab349739caa6a836f63ca954ec3410aaf3ab5f67e13a5fa
-
SHA512
0e6642ea4a8adb73c3bf7321a1b426821744852dcf52b22cf6a91e49c10b640eaf4c9640f38508ddea12037cd3e9f259b9eb37f98462e18950fb4e30a9439ee0
Static task
static1
Behavioral task
behavioral1
Sample
dcf84c21_eY_nx8sntA.exe
Resource
win7v20210410
Malware Config
Extracted
redline
dibild
135.148.139.222:33569
Targets
-
-
Target
dcf84c21_eY_nx8sntA
-
Size
587KB
-
MD5
dcf84c217bf5be49d9db99bb5a295897
-
SHA1
0cda4df173173098271056cce845a62e7e4a5483
-
SHA256
47f301e20b3b3bcbaab349739caa6a836f63ca954ec3410aaf3ab5f67e13a5fa
-
SHA512
0e6642ea4a8adb73c3bf7321a1b426821744852dcf52b22cf6a91e49c10b640eaf4c9640f38508ddea12037cd3e9f259b9eb37f98462e18950fb4e30a9439ee0
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-