General
- Target: b101ca5b6677700fcfb325b5b66dbb474ba7811ecb0f8ce41f624508b9e9d2b5
- Size: 338KB
- Sample: 211114-24ntbadhfl
- MD5: d83cad616e858959947a4d0efe5ee721
- SHA1: a58e27038e5033d33a0a297bfe8238c6e78839ba
- SHA256: b101ca5b6677700fcfb325b5b66dbb474ba7811ecb0f8ce41f624508b9e9d2b5
- SHA512: cc3c4e0b4e51b9dab4b3e449f9ceaa2f7ef2f0c4198784190839fdb5f7239376476fdd0b4aa482436591802bddd32f8e5914f7b1b5f97c8950bcc7769d5c12b8
- Static task: static1
Malware Config
- Extracted (redline): 91.243.32.23:12780
- Extracted (redline): xxluchxx1, 212.86.102.63:62907
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext