General

Target: EFT Hack.exe
Size: 350KB
Sample: 211115-js9mjaheh9
MD5: 8a5f138470d1421585b558043b8d26fa
SHA1: 56759e6f4c2eb180fb449ddb620f5219a809b5b8
SHA256: f7971194bce16c44ebfe7a2fcca4f2c1dbfedb50394b2fa90e789caafdef07cc
SHA512: cd041591b172a02eb176fbdf47d7582dba547c253efd248c1ea45fc06161d0f4e0d84e7e8455690412ee6a194f7475fbb762fccd927afe95d6e3193460e3dd7e
Static task: static1
Behavioral task: behavioral1
Sample: EFT Hack.exe
Resource: win7-en-20211104
Malware Config

Extracted (redline): 23.88.109.42:55961
Extracted (redline): xxluchxx1, 212.86.102.63:62907
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext