General
Target: ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
Size: 765KB
Sample: 210921-pak44scbbl
MD5: 2be66ce2b5cfdfec51cdc633577f0cb4
SHA1: baf35c5c0fc89199e61010d2d52013c2d67cc6c6
SHA256: ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
SHA512: 8e75844260c6b353feffb5b524e21f8373f6bdf3eefe1fdbb6e201fb8331de63be3256150118f340f9c6eba0b06c495e3e3589afb67a82743449fa28ecf7484a
Static task: static1
Malware Config
Extracted
redline
3
116.203.27.211:4803
Targets
Target: ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
Size: 765KB
MD5: 2be66ce2b5cfdfec51cdc633577f0cb4
SHA1: baf35c5c0fc89199e61010d2d52013c2d67cc6c6
SHA256: ebbfcc02fe6c1b6705b1ffddc64961aaba4702fad5495201d594f72086267daf
SHA512: 8e75844260c6b353feffb5b524e21f8373f6bdf3eefe1fdbb6e201fb8331de63be3256150118f340f9c6eba0b06c495e3e3589afb67a82743449fa28ecf7484a
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext