General

Target: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe
Size: 875KB
Sample: 211106-yr5dracgen
MD5: 6441aef8da572f0501246046025c003b
SHA1: 522662a7e934e94afc6c42a73ddfaede2df82d3c
SHA256: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5
SHA512: 12ca37966fcaebabf1f5768f4d344c8838ec18e6adbbe5dc9c4b8dafc7e0d2323119706f61586cc8ec5bfbceb561968230efdd1bebe1880f7329e1243d8ae54c
Static task: static1

Behavioral task: behavioral1
  Sample: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe
  Resource: win7-en-20211014

Behavioral task: behavioral2
  Sample: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe
  Resource: win10-en-20211104
Malware Config

Extracted
Family: redline
Botnet: next2
C2: bigboobstop.store:34585
C2: boyshipgir.site:34585
Targets

Target: 5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe (875KB)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures:
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application (persistence via a value under ...\CurrentVersion\Run)
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
- Suspicious use of SetThreadContext: hijacking the initial thread of another process this way is the usual final step of process hollowing (RunPE) loaders, so the observable payload may not be the file on disk.
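As an added example (not part of the sandbox report), the following Python script turns the extracted config and the behavioral signatures above into detection logic and runs it over a constructed, simplified key=value rendering of Sysmon events 1 (process create), 22 (DNS query), 3 (network connection) and 13 (registry value set). The C2 hosts, port and hashes are taken from the report; the resolved IP address 203.0.113.10, the Run value name and the dropped-file path are invented for the example. A DNS answer for a C2 domain is remembered so that a later connection to the returned IP is flagged even when no hostname is logged, and a match on port 34585 alone is reported as a weaker, separate hit. Sysmon logs registry writes but not reads, so the report's Uninstall-key enumeration cannot be seen in this kind of log and the script does not pretend otherwise.

```python
import re
from dataclasses import dataclass

# Indicators taken from the report: extracted RedLine C2 hosts/port and the sample's hashes.
C2_HOSTS = {"bigboobstop.store", "boyshipgir.site"}
C2_PORT = 34585
SAMPLE_MD5 = "6441aef8da572f0501246046025c003b"
SAMPLE_SHA256 = "5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5"

# "Adds Run key to start application": any value written under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed log (not real telemetry): simplified key=value rendering of Sysmon events.
# The IP, the Run value name "Updater" and the path svc.exe are invented for the example.
# Sysmon records registry writes but not reads, so the report's Uninstall-key
# enumeration ("Checks installed software") has no corresponding event here.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Users\victim\Downloads\5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe Hashes=MD5=6441aef8da572f0501246046025c003b,SHA256=5694c5dc54ff79ecc4c39d5b79c7266309c29016d061ca60d6cd1a123f9eafc5
EventID=22 Image=C:\Users\victim\Downloads\5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe QueryName=bigboobstop.store QueryResults=203.0.113.10
EventID=3 Image=C:\Users\victim\Downloads\5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe DestinationIp=203.0.113.10 DestinationPort=34585
EventID=13 Image=C:\Users\victim\Downloads\5694c5dc54ff79ecc4c39d5b79c7266309c29016d061c.exe TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\victim\AppData\Roaming\svc.exe
EventID=3 Image=C:\Windows\explorer.exe DestinationHostname=example.org DestinationPort=443
EventID=13 Image=C:\Windows\explorer.exe TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Details=Binary
"""


@dataclass(frozen=True)
class Hit:
    rule: str      # which detection fired
    line_no: int   # 1-based line number in the log


def parse(line):
    """Split a 'key=value key=value' line into a dict (values contain no spaces)."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def scan(lines):
    """Run the detections over the log, correlating DNS answers with later connections."""
    resolved = {}  # IP -> C2 domain it was resolved from (filled from event 22)
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse(line)
        eid = ev.get("EventID")
        if eid == "1":
            # Hashes field looks like MD5=...,SHA256=...; compare against the report's values.
            hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
            if (hashes.get("SHA256", "").lower() == SAMPLE_SHA256
                    or hashes.get("MD5", "").lower() == SAMPLE_MD5):
                hits.append(Hit("known_sample_hash", n))
        elif eid == "22":
            q = ev.get("QueryName", "").lower()
            if q in C2_HOSTS:
                hits.append(Hit("c2_dns_query", n))
                for ip in ev.get("QueryResults", "").split(";"):
                    if ip:
                        resolved[ip] = q
        elif eid == "3":
            host = ev.get("DestinationHostname", "").lower()
            if host in C2_HOSTS or ev.get("DestinationIp") in resolved:
                hits.append(Hit("c2_connection", n))
            elif ev.get("DestinationPort") == str(C2_PORT):
                # The port by itself is a weak indicator; report it separately.
                hits.append(Hit("c2_port_only", n))
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(Hit("run_key_persistence", n))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.strip().splitlines()):
        print(f"line {h.line_no}: {h.rule}")
```

Run against the constructed log the script reports the sample hash on line 1, the C2 DNS query on line 2, the connection on line 3 (matched through the remembered DNS answer, since that event carries only an IP) and the Run-key write on line 4; the browser connection and the RecentDocs write produce nothing. To use it on real Sysmon data, replace `parse` with a reader for your export format (the event IDs and field names are Sysmon's own) and keep the IOC constants in sync with the report.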