General
Target: 907876df0427090d4661a0b1dbc1e39c8cef859f7b6872cf2ed1f2fdc1c250f4
Size: 727KB
Sample: 210821-xtg45jtx6s
MD5: 33e12da8c235ff1459e0f0a8fabee0ec
SHA1: f1d1afc7d92ce245ec16a5fe6046817b65abfcf3
SHA256: 907876df0427090d4661a0b1dbc1e39c8cef859f7b6872cf2ed1f2fdc1c250f4
SHA512: cd592c8deca609e7556ecb866d835b655a37ba5593f8ffad48933e3644fe6c53fa2073ad6841e69d46fd7136fbc495f59e33d943cc234507f0d19713eda3fb27
Static task
static1
Malware Config
Extracted
Family: redline
Botnet: RUZ
C2: oltorarrar.xyz:80
Targets
Target: 907876df0427090d4661a0b1dbc1e39c8cef859f7b6872cf2ed1f2fdc1c250f4
Size: 727KB
MD5: 33e12da8c235ff1459e0f0a8fabee0ec
SHA1: f1d1afc7d92ce245ec16a5fe6046817b65abfcf3
SHA256: 907876df0427090d4661a0b1dbc1e39c8cef859f7b6872cf2ed1f2fdc1c250f4
SHA512: cd592c8deca609e7556ecb866d835b655a37ba5593f8ffad48933e3644fe6c53fa2073ad6841e69d46fd7136fbc495f59e33d943cc234507f0d19713eda3fb27
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload
The RedLine payload was identified in this sample; the extracted configuration above (botnet ID RUZ, C2 oltorarrar.xyz:80) comes from it.

Executes dropped EXE
The sample writes a second executable to disk and runs it.

Accesses cryptocurrency files/wallets, possible credential harvesting
Wallet files and stored credentials are the data RedLine is built to collect, so this behaviour is expected rather than incidental.

Checks installed software on the system
Looks up Uninstall key entries in the registry (the HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall tree and its Wow6432Node and HKCU equivalents) to enumerate software on the system.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the standard way to redirect a suspended process's entry point during process hollowing or injection. Correlate it with the dropped EXE above: the dropped file is a likely host or source for the injected payload. Note that the C2 port alone (80) says nothing about the protocol in use; the hostname and the file hashes are the actionable indicators from this report.
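As an added example (not part of the sandbox report or of any RedLine tooling), the script below turns the indicators this report exposes, the file hashes and the extracted C2 host, into a small matcher that a responder could run over DNS and connection logs. The log lines and host names are constructed for illustration and the key=value log format is an assumption; only the hashes and oltorarrar.xyz:80 come from the report. The connection rule deliberately does not fire on destination port 80 by itself, because that port is far too common to be an indicator on its own.

```python
"""Match the report's RedLine IOCs against file bytes and log lines.

Added example: the IOC values are taken from the sandbox report above,
everything else (log format, host names, timestamps) is constructed.
"""
import hashlib

# File hashes from the report's General section.
IOC_HASHES = {
    "md5": "33e12da8c235ff1459e0f0a8fabee0ec",
    "sha1": "f1d1afc7d92ce245ec16a5fe6046817b65abfcf3",
    "sha256": "907876df0427090d4661a0b1dbc1e39c8cef859f7b6872cf2ed1f2fdc1c250f4",
}
# Extracted RedLine C2 from the report's Malware Config section.
C2_HOST = "oltorarrar.xyz"
C2_PORT = 80

# Constructed sample logs (not from the report), in an assumed
# "timestamp key=value ..." format: DNS queries and outbound connections.
SAMPLE_LOGS = [
    "2021-08-21T10:02:11Z type=dns host=WS-017 query=oltorarrar.xyz qtype=A",
    "2021-08-21T10:02:12Z type=conn host=WS-017 dst=203.0.113.5 dport=80 sni=-",
    "2021-08-21T10:03:40Z type=dns host=WS-022 query=update.example.com qtype=A",
    "2021-08-21T10:05:03Z type=conn host=WS-022 dst=198.51.100.9 dport=443 sni=example.com",
    "2021-08-21T10:06:00Z type=dns host=WS-031 query=OLTORARRAR.XYZ. qtype=AAAA",
]


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data: bytes) -> list:
    """Names of the hash algorithms under which data matches the reported sample."""
    digests = file_hashes(data)
    return sorted(algo for algo, hexval in IOC_HASHES.items() if digests[algo] == hexval)


def parse_kv(line: str) -> dict:
    """Split 'ts key=value key=value ...' into a dict; the timestamp is kept under 'ts'."""
    parts = line.split()
    fields = {"ts": parts[0]}
    for token in parts[1:]:
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def normalize_host(name: str) -> str:
    """Lower-case and strip the trailing dot that DNS logs often carry."""
    return name.rstrip(".").lower()


def is_c2_host(name: str) -> bool:
    """True for the C2 host or any subdomain of it (label boundary respected)."""
    host = normalize_host(name)
    return host == C2_HOST or host.endswith("." + C2_HOST)


def match_log_line(line: str):
    """Return a reason string if the line references the C2, else None."""
    fields = parse_kv(line)
    kind = fields.get("type")
    if kind == "dns" and is_c2_host(fields.get("query", "")):
        return "DNS query for RedLine C2 host " + C2_HOST
    # For connections we require the TLS SNI to name the C2 host; a bare
    # dport == C2_PORT (80) is not specific enough to flag on its own.
    if kind == "conn" and is_c2_host(fields.get("sni", "")):
        return "connection with SNI %s to port %s" % (C2_HOST, fields.get("dport"))
    return None


def scan_logs(lines) -> list:
    """Return one dict per matching line with timestamp, source host and reason."""
    hits = []
    for line in lines:
        reason = match_log_line(line)
        if reason:
            fields = parse_kv(line)
            hits.append({"ts": fields["ts"], "host": fields.get("host"), "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit["ts"], hit["host"], hit["reason"])
    print("hash match on dummy bytes:", match_hashes(b"not the sample"))
```

Running it lists the two workstations that resolved the C2 host, including the one whose log carried the name upper-cased with a trailing dot, and shows that neither the plain port-80 connection nor an unrelated domain is flagged. To hash real files, feed their bytes to match_hashes; a non-empty result means the file is the reported sample.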