General
-
Target
2A8ADC026B83F069E081F2CA587B3210.exe
-
Size
1.1MB
-
Sample
210926-xq5sfsfcc8
-
MD5
2a8adc026b83f069e081f2ca587b3210
-
SHA1
145a5f9a6577cb906ab6f6dfb66dfc1ac9d1c964
-
SHA256
333c439b7d052386c9060edb4c2b091589c8740bfb9e74c431b3746d4f7b1af9
-
SHA512
870394113132df36002f2b0ddc31e7e5283ef8e96c7cbc5444a0b04dd82a4f68ac1290899ddd22231a61e45a54a4f0314d9fd1fe02f2dbb00bfd89b0bbfc27dd
Static task
static1
Behavioral task
behavioral1
Sample
2A8ADC026B83F069E081F2CA587B3210.exe
Resource
win7-en-20210920
Malware Config
Extracted
redline
7
185.183.98.2:80
Targets
-
-
Target
2A8ADC026B83F069E081F2CA587B3210.exe
-
Size
1.1MB
-
MD5
2a8adc026b83f069e081f2ca587b3210
-
SHA1
145a5f9a6577cb906ab6f6dfb66dfc1ac9d1c964
-
SHA256
333c439b7d052386c9060edb4c2b091589c8740bfb9e74c431b3746d4f7b1af9
-
SHA512
870394113132df36002f2b0ddc31e7e5283ef8e96c7cbc5444a0b04dd82a4f68ac1290899ddd22231a61e45a54a4f0314d9fd1fe02f2dbb00bfd89b0bbfc27dd
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-