General
- Target: a6befa356a10c28bdf6c2de0a59a571e81c4bd4ae021a2ebadb5a8f79c2e931f
- Size: 909KB
- Sample: 210821-evhfbhbsq2
- MD5: 95578bb409b7f69e40d5acbbe823b39a
- SHA1: 352334f29542d3883c83221af27d58598561e7ec
- SHA256: a6befa356a10c28bdf6c2de0a59a571e81c4bd4ae021a2ebadb5a8f79c2e931f
- SHA512: 3f1243fbe0dc81913b6c5d179d7f5528d1d4f1c9de436c6622f7c3c29de7d68437eb69c7aa2dc72981e80e844922c78e6ef5e1c733ffc89cac834a72468e5176
Static task: static1
Malware Config
Extracted
- redline
- RUZ
- oltorarrar.xyz:80
Targets
- Target: a6befa356a10c28bdf6c2de0a59a571e81c4bd4ae021a2ebadb5a8f79c2e931f (909KB; same hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext