General
-
Target
3ab3dcbfc91a93907310d08a68b7f9ef028b6d7fdc33606e84c1aef4f8f49622
-
Size
585KB
-
Sample
210826-k1c7kyb4fn
-
MD5
f0bff275d0a34d7cbe7b114a80884efc
-
SHA1
4fa96b7e91b6820351a869e2d009a80cba26759e
-
SHA256
3ab3dcbfc91a93907310d08a68b7f9ef028b6d7fdc33606e84c1aef4f8f49622
-
SHA512
c386585831fe3cb902e794003e1b43afd3645b4717a6782905272d561571bf663ef30daa66b25f2a92f874fe01b3580ed00a11b91588514ee597d468f5f4c49e
Static task
static1
Malware Config
Extracted
redline
dibild2
135.148.139.222:1494
Targets
-
-
Target
3ab3dcbfc91a93907310d08a68b7f9ef028b6d7fdc33606e84c1aef4f8f49622
-
Size
585KB
-
MD5
f0bff275d0a34d7cbe7b114a80884efc
-
SHA1
4fa96b7e91b6820351a869e2d009a80cba26759e
-
SHA256
3ab3dcbfc91a93907310d08a68b7f9ef028b6d7fdc33606e84c1aef4f8f49622
-
SHA512
c386585831fe3cb902e794003e1b43afd3645b4717a6782905272d561571bf663ef30daa66b25f2a92f874fe01b3580ed00a11b91588514ee597d468f5f4c49e
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-