General
Target: usfive_20210926-140047
Size: 1.1MB
Sample: 210926-n9gejaeha3
MD5: ee5b41fbd6ee965394116e2e1d5aa5a8
SHA1: 70a648ca5622fbc16a96188671c6ba001c49fbf2
SHA256: d10544139ffbcd7ffc09da204db4afcb11d5895e6a6716dbb769dd935adaa700
SHA512: 164b6676cc2e4c68fff428450bc9481d2c3698ef3f644f47c5901ca46c46d006c70b4a3496b57eadbf888dbb808ec5598cdfffed30386f6e4f946696886ecdad
Static task: static1
Behavioral task: behavioral1
Sample: usfive_20210926-140047.exe
Resource: win7v20210408
Malware Config
Extracted
redline
qwe454
45.140.146.240:42628
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext