General
-
Target
d25b9fd890934c9c49a43526314e53ec784c0e2cbb54c158bd134aba50de686e
-
Size
390KB
-
Sample
211113-wy1b9sccfn
-
MD5
e639300660165b56b26ae9e713bd2ccd
-
SHA1
5adad051d0ba86205809c645d18b2beb956da656
-
SHA256
d25b9fd890934c9c49a43526314e53ec784c0e2cbb54c158bd134aba50de686e
-
SHA512
792ea87cce0929bbf03d9c8775067124298f4fd83405b562ddcd2a0b69e0c0579b14a33508ba4b972f40c8dca8bd84df05ae5fa220f25cb933e7be738e11ce1e
Static task
static1
Malware Config
Extracted
redline
almZ
50.18.71.252:12081
Targets
-
-
Target
d25b9fd890934c9c49a43526314e53ec784c0e2cbb54c158bd134aba50de686e
-
Size
390KB
-
MD5
e639300660165b56b26ae9e713bd2ccd
-
SHA1
5adad051d0ba86205809c645d18b2beb956da656
-
SHA256
d25b9fd890934c9c49a43526314e53ec784c0e2cbb54c158bd134aba50de686e
-
SHA512
792ea87cce0929bbf03d9c8775067124298f4fd83405b562ddcd2a0b69e0c0579b14a33508ba4b972f40c8dca8bd84df05ae5fa220f25cb933e7be738e11ce1e
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-