General
Target: ce15f44e49d68e40d5968e43cee8ae82458fd08fe2173a9c74f552ac6e314457
Size: 22KB
Sample: 211022-vvgkbacgfq
MD5: 64420e27dd8930254ff853f4bbcfbbf4
SHA1: 8be849e123a4c9cb877ae1f147e32df89ec92b06
SHA256: ce15f44e49d68e40d5968e43cee8ae82458fd08fe2173a9c74f552ac6e314457
SHA512: 07f7fb56c033150ca2a0d2fa28a9f5a48f84b234f138675beaa9eb21cd0b95e6532ce0ed85a14b6737b0754450beb73be42d36ec9621774489a5ffe687e67b27
Static task: static1

Malware Config
Extracted: redline
- installs
- 103.246.146.160:6677
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Turns off Windows Defender SpyNet reporting
- Nirsoft
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext