General
- Target: 671faba0eb9abca8a2548f6a522ce2949b655ad273dbe8cc8db61378f088bc96
- Size: 739KB
- Sample: 210915-hzyceaaag5
- MD5: 9b5c35af1cfbbd60500b69f830b51032
- SHA1: a1053b4031ac666f846d056a08360e174b463344
- SHA256: 671faba0eb9abca8a2548f6a522ce2949b655ad273dbe8cc8db61378f088bc96
- SHA512: f9ca0dd8a1c95a7e7593f3733d6db6969c362c5ccf351ad423bac38e2ca4adb016618f87f3da76a17549f981e1eb5f53d3e6b0308a6354457749bf1b2e16fa72
Static task
- static1
Behavioral task
- behavioral1
- Sample: 671faba0eb9abca8a2548f6a522ce2949b655ad273dbe8cc8db61378f088bc96.exe
- Resource: win7v20210408
Malware Config
Extracted
- redline
- adsGOOGLE
- 95.217.152.142:43710
Targets
- Target: 671faba0eb9abca8a2548f6a522ce2949b655ad273dbe8cc8db61378f088bc96
- Size: 739KB
- MD5, SHA1, SHA256, SHA512: identical to the values listed under General
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext