General
Target: 8f6c7a779aad2fcebfde67b679378445
Size: 3MB
Sample: 210915-hkr7vaaab3
MD5: 8f6c7a779aad2fcebfde67b679378445
SHA1: c2861843b930684f3c15b779e1027ffffe96bcc7
SHA256: 7feb71e0bcd24d21e20f423434b4c9971c174c9e1aafedab36e2ecab1ff3a5bf
SHA512: cbc525092ac6ec65b64944a1708ff102d2019acbf10ad3739a99cd8bb4892f601535028304e957b10fbae19f2d96d9c2f416cc6c79051d4efe651bc03f78fc34
Static task: static1
Behavioral task: behavioral1
Sample: 8f6c7a779aad2fcebfde67b679378445.exe
Resource: win7-en

Malware Config
Extracted: redline
Orix1
92.222.145.236:60837
Targets
Target: 8f6c7a779aad2fcebfde67b679378445
Size: 3MB
MD5: 8f6c7a779aad2fcebfde67b679378445
SHA1: c2861843b930684f3c15b779e1027ffffe96bcc7
SHA256: 7feb71e0bcd24d21e20f423434b4c9971c174c9e1aafedab36e2ecab1ff3a5bf
SHA512: cbc525092ac6ec65b64944a1708ff102d2019acbf10ad3739a99cd8bb4892f601535028304e957b10fbae19f2d96d9c2f416cc6c79051d4efe651bc03f78fc34

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext