General
- Target: Setup.rar
- Size: 984KB
- Sample: 211023-t1c9eacdc6
- MD5: a594066602971fd490314deb88063efb
- SHA1: 0dd8615ee4371ccaa38de79660256f5071b17894
- SHA256: 16dad4519d9152ab6089dbf1f5987b1a1041921281e0b7ea023240e3a8614a59
- SHA512: f3ea04655dccb0b10192b1c97421037514e9f41585548f38f99963f18d973831cdd5ea87f7b173b7a20bd36b43fef9fc61a927a2e83e75d569d1384b79d9445f
Static task
- static1

Behavioral task
- behavioral1
  - Sample: Setup.exe
  - Resource: win7-en-20211014

Behavioral task
- behavioral2
  - Sample: Setup.exe
  - Resource: win10-en-20210920
Malware Config

Targets
- Target: Setup.exe
- Size: 333.8MB
- MD5: e1752b67d6336d141615d1842698ecfe
- SHA1: 216bf305f1cf34d7e5ffba36b280494b7b03cdf0
- SHA256: cd1ae60f06cb76918ef4f3aecb47685214554d4301e975b6b396bf9e0cefe413
- SHA512: 9a41ab35393012c3f3b85e9d4d026b45f0d9c1cfa0700e79f0bc4dc93d28ae7e734fe07f991ec0de6fc44999e7c2f7abe054eea26d806f0fb72716be120d7530
- Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext