General
Target: 517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18
Size: 469KB
Sample: 211107-yykb6aahh9
MD5: 199ec17fa8be3e87cf4aae0e1c0e696c
SHA1: 1611af72e38f3ecda6beca2354e50fdcfb8d58d6
SHA256: 517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18
SHA512: 7f2c45ad1433cee9a73bdde2497665fa0aa4197d7040c048e3cf1a0d7616d4b137c98b1dc6fa65e37f6f192a6d35285b074c6c51e061c77934d36e2d68024f34

Static task: static1
Behavioral task: behavioral1
Sample: 517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18.exe
Resource: win10-en-20211014

Malware Config
Extracted
Family: redline
Botnet: 2
C2: 194.127.179.8:23382
Targets
Target: 517c0693df0caebe05d0f5a75a9cb63c613121854f6b6177157e77dfbcfb9e18 (469KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Modifies WinLogon for persistence
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator: detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext