General
Target: e94c03bf_FmDX0ot1rV
Size: 133KB
Sample: 210912-fq6w3scaa8
MD5: e94c03bf1cbff770e90406954facc8b4
SHA1: 9ac6860c9d4111589b449d01c4e18f810b210ec0
SHA256: 38dc4e38d96f69ac8e843be6f6361dc4f790bca1b36cb08e9070e193079ef951
SHA512: e410c574ae4dd21d98f35fad82b1f382ffaaef40b7ff1a757cc95bbe1f39ddf4e0e0e31a771f65b73370609151504dc4cdae5375c9132097ae882b64365271d5
Static task: static1
Behavioral task: behavioral1
  Sample: e94c03bf_FmDX0ot1rV.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: e94c03bf_FmDX0ot1rV.exe
  Resource: win10v20210408
Malware Config
Extracted (redline):
  @alan_miller102
  45.138.72.64:46815
Targets
Target: e94c03bf_FmDX0ot1rV
Size: 133KB
MD5: e94c03bf1cbff770e90406954facc8b4
SHA1: 9ac6860c9d4111589b449d01c4e18f810b210ec0
SHA256: 38dc4e38d96f69ac8e843be6f6361dc4f790bca1b36cb08e9070e193079ef951
SHA512: e410c574ae4dd21d98f35fad82b1f382ffaaef40b7ff1a757cc95bbe1f39ddf4e0e0e31a771f65b73370609151504dc4cdae5375c9132097ae882b64365271d5
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext