General
-
Target
d7a4223e43b194c93b0663e8e319fbaa
-
Size
204KB
-
Sample
211001-y5jzzadbe7
-
MD5
d7a4223e43b194c93b0663e8e319fbaa
-
SHA1
d6cbe3198b1875a485773496b0e9c2b944b23133
-
SHA256
ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2
-
SHA512
e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c
Static task
static1
Behavioral task
behavioral1
Sample
d7a4223e43b194c93b0663e8e319fbaa.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
d7a4223e43b194c93b0663e8e319fbaa.exe
Resource
win10v20210408
Malware Config
Extracted
redline
@soul3ss
95.216.43.58:40566
Targets
-
-
Target
d7a4223e43b194c93b0663e8e319fbaa
-
Size
204KB
-
MD5
d7a4223e43b194c93b0663e8e319fbaa
-
SHA1
d6cbe3198b1875a485773496b0e9c2b944b23133
-
SHA256
ff96c05cc539eae59ea43c37f1996372589b33aa2ba3a9bdc5a1e7b20b1f75b2
-
SHA512
e4dac4cbe21956caed99d65d0753119b2df38444b0a6831cd1008b80cf4a6a581e25ef07c1c2ff2cd010dd8d94bcadec4c5812751f8a1f02428cb11f8b37c13c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Turns off Windows Defender SpyNet reporting
-
Nirsoft
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-