General
Target: Fri05a277b9a3d2.exe
Size: 383KB
Sample: 211022-rz8mtacfdp
MD5: 8958066e38eb4b70f922db2c23457c18
SHA1: 27aff4aed5d4c782e9170ba124a3a1f90d979e6a
SHA256: 3f3a020f63daef5ffa7c2eb9014452dfa913cc6ff977e5747e6f0c854d849358
SHA512: c2b73802a4b3350290d40bf2aa3942d92239eea4f69ab13fcce84090093e13d7950e3c32d565880a9ec74b8898cb82bb63e04a53505d9ef5f3aea812f8a68236

Static task: static1

Behavioral tasks (each runs the sample Fri05a277b9a3d2.exe on the listed resource):
behavioral1: win7-ja-20210920
behavioral2: win7-en-20211014
behavioral3: win7-de-20210920
behavioral4: win11
behavioral5: win10-ja-20211014
behavioral6: win10-en-20211014
behavioral7: win10-de-20210920

Malware Config
Extracted family: redline
media21
91.121.67.60:23325
Targets
Target: Fri05a277b9a3d2.exe (383KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Registers COM server for autorun
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory
Suspicious use of SetThreadContext