General
Target: 4d2881108d102f5bdc0fc292f0d123c0
Size: 806KB
Sample: 210818-nvsbg2jnnj
MD5: 4d2881108d102f5bdc0fc292f0d123c0
SHA1: 2fffcaa9d39849ff8fc8b7c6e9659744af91206a
SHA256: c095ab547c4a1ce16be8742ab6ebbd79989a304fdabdcbfae390087d4c438592
SHA512: 7389689cc3300cc731891d6a7bffed2a661a7d1550fa3f8cfc50cd104502ed4a2587decc74e376c22b5293925dd86e54ae5b48c580082153aa00ee53e75ef6bf
Static task: static1
Behavioral task: behavioral1
Sample: 4d2881108d102f5bdc0fc292f0d123c0.exe
Resource: win7v20210408
Malware Config
Extracted
redline
RUZ
oltorarrar.xyz:80
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext