General
Target: setup.exe
Size: 326KB
Sample: 211015-1aq6xaccgr
MD5: 32709bcfdee975523b54705841b56c9d
SHA1: 0f30d1ddadc565d5e20d452b16d98b0b9be22373
SHA256: f446e718a89a9174ebd6f4a12624c6512ae6bc6ed7fe2fee0eceb5baf38f77b2
SHA512: 158fa6d13e355ef3ab9178563dce521ab60ac45a7b719a072ac0d78fa1a4f7f0aa2c62827e2295133dee278f6bc9611461559e413a05351d8a06e0a24d45d918

Static task
static1

Behavioral task
behavioral1
Sample: setup.exe
Resource: win7-en-20210920

Behavioral task
behavioral2
Sample: setup.exe
Resource: win10-en-20211014

Malware Config
Extracted: redline
@yakuza44
95.181.152.5:46927
Targets
Target: setup.exe
Size: 326KB
MD5: 32709bcfdee975523b54705841b56c9d
SHA1: 0f30d1ddadc565d5e20d452b16d98b0b9be22373
SHA256: f446e718a89a9174ebd6f4a12624c6512ae6bc6ed7fe2fee0eceb5baf38f77b2
SHA512: 158fa6d13e355ef3ab9178563dce521ab60ac45a7b719a072ac0d78fa1a4f7f0aa2c62827e2295133dee278f6bc9611461559e413a05351d8a06e0a24d45d918
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext