General
Target: 37b17ce0ed1fcc87e0f94f0039686901af4c6e822a7d514eafca4c5faae88f0b
Size: 2.1MB
Sample: 211114-jasw3agaf3
MD5: 03efae21eae96e2e8c788217b0e68377
SHA1: ba46c911a47cced4b72a68d5e3083f6e0e153e45
SHA256: 37b17ce0ed1fcc87e0f94f0039686901af4c6e822a7d514eafca4c5faae88f0b
SHA512: 4fa856972b7174b333e9aa1142834c6c25c2d31958cf7379f10ca2a948f99e134943e2a3c591ad88fd06d1d2d6fefa906eec6998c6c90f208b89b8bf11326d4c
Static task: static1
Behavioral task: behavioral1
Sample: 37b17ce0ed1fcc87e0f94f0039686901af4c6e822a7d514eafca4c5faae88f0b.exe
Resource: win10-en-20211014
Malware Config
Extracted: redline
Botnet ID: ОШИБКА (Russian for "ERROR"; an operator-chosen campaign tag)
C2: 185.183.32.161:45391
Extracted: redline
Botnet ID: 11/13
C2: 94.103.9.133:1169
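To turn the two extracted configs above into something a detection team can act on, here is an added Python example (not part of the Triage report or the RedLine sample) that parses the config block as it appears above, verifies that a file on disk really is the reported sample before its IOCs are trusted, and matches the C2 endpoints against Sysmon-style network-connection events. Only the hashes, botnet IDs and host:port pairs come from the report; the log lines, image paths and the stand-in sample bytes are constructed for the example.

```python
"""IOC handling for the extracted RedLine configs (added example).

Not part of the Triage report or the RedLine sample. The config text and
hashes are copied from the report; the Sysmon-style lines and the stand-in
sample bytes below are constructed for this example.
"""
import hashlib
import re
from dataclasses import dataclass

# Verbatim from the report's "Malware Config" section.
REPORT_CONFIG = """\
Extracted
redline
ОШИБКА
185.183.32.161:45391
Extracted
redline
11/13
94.103.9.133:1169
"""

# Digests of the analysed file, from the report's "General" section.
REPORT_HASHES = {
    "md5": "03efae21eae96e2e8c788217b0e68377",
    "sha1": "ba46c911a47cced4b72a68d5e3083f6e0e153e45",
    "sha256": "37b17ce0ed1fcc87e0f94f0039686901af4c6e822a7d514eafca4c5faae88f0b",
    "sha512": "4fa856972b7174b333e9aa1142834c6c25c2d31958cf7379f10ca2a948f99e134943e2a3c591ad88fd06d1d2d6fefa906eec6998c6c90f208b89b8bf11326d4c",
}


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str   # operator-chosen campaign tag, e.g. "ОШИБКА"
    host: str
    port: int


def parse_configs(text):
    """Parse the 'Extracted / family / botnet / host:port' blocks of the report."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    configs = []
    i = 0
    while i < len(lines):
        if lines[i] == "Extracted" and i + 3 < len(lines):
            family, botnet, c2 = lines[i + 1], lines[i + 2], lines[i + 3]
            m = re.fullmatch(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})", c2)
            if m:
                configs.append(RedLineConfig(family, botnet, m.group(1), int(m.group(2))))
            i += 4
        else:
            i += 1
    return configs


def verify_sample(data, expected=REPORT_HASHES):
    """Names of the digests of `data` that match the report; empty means it is not this sample."""
    return {algo for algo, hexdigest in expected.items()
            if hashlib.new(algo, data).hexdigest() == hexdigest}


def find_c2_hits(log_lines, configs, port_sensitive=True):
    """Match Sysmon Event ID 3 style lines against the extracted C2 endpoints."""
    by_endpoint = {(c.host, c.port): c for c in configs}
    by_host = {c.host: c for c in configs}
    hits = []
    for line in log_lines:
        ip = re.search(r"DestinationIp=(\S+)", line)
        port = re.search(r"DestinationPort=(\d+)", line)
        if not (ip and port):
            continue
        if port_sensitive:
            cfg = by_endpoint.get((ip.group(1), int(port.group(1))))
        else:
            cfg = by_host.get(ip.group(1))
        if cfg:
            hits.append((line, cfg.botnet))
    return hits


# Constructed Sysmon-style network events; image names and the 203.0.113.10
# (TEST-NET-3) address are hypothetical.
SYSMON_NET_EVENTS = [
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\build.exe DestinationIp=185.183.32.161 DestinationPort=45391",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=203.0.113.10 DestinationPort=443",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=94.103.9.133 DestinationPort=1169",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=94.103.9.133 DestinationPort=443",
]

if __name__ == "__main__":
    configs = parse_configs(REPORT_CONFIG)
    # The stand-in bytes are not the 2.1MB sample, so no digest matches.
    print("sample verified:", verify_sample(b"stand-in bytes, not the real sample"))
    for line, botnet in find_c2_hits(SYSMON_NET_EVENTS, configs):
        print(f"C2 hit [{botnet}]: {line}")
```

Key on host and port together: RedLine panels sit on cheap VPS space whose addresses are reused, so an IP-only match (`port_sensitive=False`) also catches the constructed port-443 connection to 94.103.9.133, which may be a different tenant. Check the file digests first; a report's IOCs are only as good as the certainty that the file you hold is the one that was detonated.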
Targets
Target: 37b17ce0ed1fcc87e0f94f0039686901af4c6e822a7d514eafca4c5faae88f0b (2.1MB; MD5, SHA1, SHA256 and SHA512 are identical to the values listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Adds Run key to start application: a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), so the sample is started again at logon.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: setting another thread's context is the step commonly seen in process hollowing (RunPE), where a payload is written into a suspended process and its main thread is redirected to it.
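The "Adds Run key to start application" and "Executes dropped EXE" signatures above are the behaviours an endpoint telemetry rule can key on. The following is an added Python example, not from the Triage report or the sample, that scores Sysmon Event ID 13 (RegistryEvent, value set) records: a Run/RunOnce write is worth a look on its own, and much more so when the writing process or the registered autostart target lives in a user-writable directory, which is where a dropped EXE usually ends up. The events, image paths, SID and value names are constructed for the example.

```python
"""Heuristic for the 'Adds Run key to start application' and 'Executes dropped
EXE' signatures (added example, not from the Triage report or the sample).

The events below are constructed in a Sysmon Event ID 13 (RegistryEvent,
value set) style; image paths, SIDs and value names are hypothetical.
"""
import re

# Autostart locations the signature refers to (HKCU/HKLM; Sysmon logs HKCU as HKU\<SID>).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)

# Paths an unprivileged user can write to: where a dropped EXE usually lives.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|AppData\\Local|Users\\Public|ProgramData)\\",
    re.IGNORECASE)

SYSMON_REG_EVENTS = [
    # constructed: dropped EXE in %TEMP% registers a copy of itself to run at logon
    'EventID=13 Image="C:\\Users\\victim\\AppData\\Local\\Temp\\svc_update.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" '
    'Details="C:\\Users\\victim\\AppData\\Roaming\\Updater\\svc_update.exe"',
    # constructed: vendor installer adding its own tray app from Program Files
    'EventID=13 Image="C:\\Program Files\\Vendor\\setup.exe" '
    'TargetObject="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray" '
    'Details="C:\\Program Files\\Vendor\\tray.exe"',
    # constructed: unrelated registry write by Explorer
    'EventID=13 Image="C:\\Windows\\explorer.exe" '
    'TargetObject="HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden" '
    'Details="DWORD (0x00000001)"',
]


def parse_event(line):
    """key=value pairs; values may be double-quoted because paths contain spaces."""
    return {k: q if q else u for k, q, u in re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', line)}


def run_key_reasons(ev):
    """Why this registry write looks like user-land persistence (empty = not interesting)."""
    if ev.get("EventID") != "13" or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return []
    reasons = ["writes a Run/RunOnce value"]
    if USER_WRITABLE_RE.search(ev.get("Image", "")):
        reasons.append("writer runs from a user-writable path")
    if USER_WRITABLE_RE.search(ev.get("Details", "")):
        reasons.append("autostart target is in a user-writable path")
    return reasons


def flag_persistence(lines, min_reasons=2):
    """(Image, reasons) for every event carrying at least `min_reasons` indicators."""
    out = []
    for line in lines:
        ev = parse_event(line)
        reasons = run_key_reasons(ev)
        if len(reasons) >= min_reasons:
            out.append((ev.get("Image", ""), reasons))
    return out


if __name__ == "__main__":
    for image, reasons in flag_persistence(SYSMON_REG_EVENTS):
        print(image, "->", "; ".join(reasons))
```

With the default threshold only the %TEMP% binary is flagged; the vendor installer writing its Run value from Program Files scores one indicator and is left for a lower-confidence rule. Note that this telemetry covers the Run-key write but not the "Checks installed software" signature: Sysmon records registry value writes, not reads of the Uninstall keys, so that behaviour is only visible in a sandbox trace or with API-level monitoring.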