General

Target: d103bc56f99481a96ab75ccdda306779.exe
Size: 668KB
Sample: 210926-vmdhpafbe9
MD5: d103bc56f99481a96ab75ccdda306779
SHA1: f8f2b50dc6856df0cb04621d1304eddbbf83b200
SHA256: 2ce8d973cfa6136067a71b1c0377b99bcef1fcc7e56eb9a0fbc89d6e188954a0
SHA512: 25a1effe96a83354e58b0d53c0f003d06d7ea49c1833c6bc26c534266a180e8d167db4e00238df0c97da6a0639b3ab300b162ad6a6e7039756ea0c67ba314924
Static task: static1
Behavioral task: behavioral1
Sample: d103bc56f99481a96ab75ccdda306779.exe
Resource: win7-en-20210920
Malware Config

Extracted
Family: redline
Botnet: maliao
C2: 185.118.165.93:4476
Targets

Target: d103bc56f99481a96ab75ccdda306779.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext