General
Target: 20e9069cee1f45478ad701e6591959c3.exe
Size: 611KB
Sample: 210820-g6la3mfg3a
MD5: 20e9069cee1f45478ad701e6591959c3
SHA1: 1b555ff58a7b6d6899148dff7b7049d5f5a416fb
SHA256: 427d73d80919455ae07701d2a84e6b242ea2ecc0adc345648bc3f236ffb6cb9a
SHA512: cf54118f9c4f2f1bdd1df7a15c7508afd1f66140f13a55bebe904b0afbccfaadbe48891b38015ea6527a2eea0d0b543980370e48922a08886ccfd45eb00e3a8f
Static task: static1
Behavioral task: behavioral1
Sample: 20e9069cee1f45478ad701e6591959c3.exe
Resource: win7v20210408
Malware Config
Extracted
Family: redline
Botnet: 20_8_rs
C2: jekorikani.xyz:80
Targets
Target: 20e9069cee1f45478ad701e6591959c3.exe (611KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: SetThreadContext rewrites the saved register state, including the instruction pointer, of a suspended thread. Ordinary applications rarely need it, and it is a standard building block of process hollowing and similar injection, where a thread is redirected into attacker-controlled code before it is resumed.
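The hashes and the extracted C2 above are the indicators a responder would sweep for. The following script is an added example, not part of the sandbox output: it copies those indicators from the report and matches them against proxy/DNS log lines and hash values that are constructed here for the demonstration (the log format, hostnames other than the C2, and the source addresses are all assumptions).

```python
"""IOC sweep built from this report's indicators (added example, not part of
the sandbox output). It normalises the file hashes and the extracted RedLine
C2 from the report and checks them against constructed log lines and hash
strings; every input below other than the indicators is made up."""
import hashlib
import re
from typing import Iterable

# Indicators copied from the report above.
IOC_HASHES = {
    "20e9069cee1f45478ad701e6591959c3",                                   # MD5
    "1b555ff58a7b6d6899148dff7b7049d5f5a416fb",                           # SHA1
    "427d73d80919455ae07701d2a84e6b242ea2ecc0adc345648bc3f236ffb6cb9a",   # SHA256
}
C2_HOST = "jekorikani.xyz"
C2_PORT = 80

# Constructed proxy/DNS log lines (assumed format, not from the report):
#   proxy: "<ts> <src> CONNECT <host>:<port>"
#   dns:   "<ts> <src> QUERY <name>"
SAMPLE_LOGS = [
    "2021-08-20T06:01:02Z 10.0.0.12 CONNECT jekorikani.xyz:80",
    "2021-08-20T06:01:05Z 10.0.0.12 QUERY JEKORIKANI.XYZ.",
    "2021-08-20T06:02:00Z 10.0.0.40 CONNECT update.jekorikani.xyz:443",
    "2021-08-20T06:03:00Z 10.0.0.41 CONNECT notjekorikani.xyz:80",
    "2021-08-20T06:04:00Z 10.0.0.42 QUERY example.com",
]

_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<action>CONNECT|QUERY)\s+(?P<target>\S+)$"
)


def host_matches(name: str, ioc_host: str = C2_HOST) -> bool:
    """True for the C2 host itself or any subdomain of it, case-insensitive and
    tolerant of the trailing dot DNS logs add. A plain suffix test would also
    accept 'notjekorikani.xyz', so the comparison requires a dot boundary."""
    n = name.lower().rstrip(".")
    h = ioc_host.lower()
    return n == h or n.endswith("." + h)


def find_c2_hits(lines: Iterable[str]) -> list[dict]:
    """One record per log line that touches the C2 host. The port is recorded
    but not required to equal C2_PORT: the same host on another port is still
    worth a look, so it is flagged with exact_port=False instead of dropped."""
    hits = []
    for line in lines:
        m = _LINE_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than silently match
        host, _, port = m["target"].partition(":")
        if not host_matches(host):
            continue
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "action": m["action"],
            "host": host.lower().rstrip("."),
            "port": int(port) if port.isdigit() else None,
            "exact_port": port.isdigit() and int(port) == C2_PORT,
        })
    return hits


def file_hashes(data: bytes) -> dict[str, str]:
    """MD5/SHA1/SHA256 of a file's bytes as lowercase hex, the form the report uses."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes) -> bool:
    """True if any digest of the bytes equals one of the report's hashes."""
    return any(h in IOC_HASHES for h in file_hashes(data).values())


def hash_hit(reported_hash: str) -> bool:
    """Check a hash string from an EDR or inventory export; tolerate upper case
    and surrounding whitespace, which exports commonly introduce."""
    return reported_hash.strip().lower() in IOC_HASHES


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOGS):
        print(hit)
    print(hash_hit("427D73D80919455AE07701D2A84E6B242EA2ECC0ADC345648BC3F236FFB6CB9A"))
    # A constructed buffer: only the real sample file can match the report's hashes.
    print(matches_sample(b"MZ this is not the sample"))
```

Run it as-is to see the three hits (the C2 on port 80, the DNS lookup, and the subdomain on 443) and the two hash checks; the look-alike host and the unrelated domain are not reported. Swap SAMPLE_LOGS for real proxy or DNS exports, adjusting the regex to their format.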