General
- Target: installer.exe
- Size: 598KB
- Sample: 210914-ydyztabbgr
- MD5: 239394fafc18ebb639f8fad447bdb0af
- SHA1: e4ffb14ea1ad842d144bf829cbcfa27461ba8981
- SHA256: 9cb48f855afbd1e83c9ba2060592b4da0a8cf3a57f5a37fcf5aa27effcc878a4
- SHA512: b2da692e0dafd618c8f4301aa7f6e5903663931345211b688599de7641cdd883fffc691cb744720281a033fdd33f36c187d72328b1b0296491dbe4516aa0bc15
Static task: static1
Behavioral task: behavioral1 (Sample: installer.exe, Resource: win7-en)
Behavioral task: behavioral2 (Sample: installer.exe, Resource: win11)
Behavioral task: behavioral3 (Sample: installer.exe, Resource: win10v20210408)
Malware Config
Extracted: redline
- H: 185.180.231.69:2796
Targets
- Target: installer.exe
- Size: 598KB
- MD5: 239394fafc18ebb639f8fad447bdb0af
- SHA1: e4ffb14ea1ad842d144bf829cbcfa27461ba8981
- SHA256: 9cb48f855afbd1e83c9ba2060592b4da0a8cf3a57f5a37fcf5aa27effcc878a4
- SHA512: b2da692e0dafd618c8f4301aa7f6e5903663931345211b688599de7641cdd883fffc691cb744720281a033fdd33f36c187d72328b1b0296491dbe4516aa0bc15
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext