General
Target: a0b9e8233184f431bb27bf239b7fc1a0.exe
Size: 819KB
Sample: 210926-vk1kfafbe6
MD5: a0b9e8233184f431bb27bf239b7fc1a0
SHA1: 4b5e662b64a83e1bb22644085b2b88cc3f084360
SHA256: 1e31f411b06517388b7adbcc5bc918f3985d447f710aa9711926faf68d044f9a
SHA512: 3fbb0f6e0811dd2f21bf0e53095aacd6acdeae074ae97828e01b0518cc27e2af3cbdb4541f5f76dd5f3dca19631675ef1fcc171dc8f13903f0d922131a53e5b2
Static task: static1
Behavioral task: behavioral1
  Sample: a0b9e8233184f431bb27bf239b7fc1a0.exe
  Resource: win7-en-20210920
Behavioral task: behavioral2
  Sample: a0b9e8233184f431bb27bf239b7fc1a0.exe
  Resource: win10v20210408
Malware Config
Extracted: redline
51.91.193.179:5048
Targets
Target: a0b9e8233184f431bb27bf239b7fc1a0.exe
Score: 10/10
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext