General
Target: 590c0685d8cc2f5d23602e8473c32890
Size: 390KB
Sample: 211119-btke2agegq
MD5: 590c0685d8cc2f5d23602e8473c32890
SHA1: 68df83deff120e437febe7a42e21e3215e509e8d
SHA256: 7f6a7840f3498c2790fbd18dcb4256d4b1a827d48dc0e4d24469abf9e3593172
SHA512: 96b402251e1309bd6189dbdc42d41bce04a9cede9b230e78b738242729e890bc8060daa11a3c28309ae67221083aea60289cfb634d40cb382d573deb36152426
Static task: static1
Behavioral task: behavioral1
Sample: 590c0685d8cc2f5d23602e8473c32890.exe
Resource: win7-en-20211014
Malware Config
Extracted: redline
Test1
144.76.245.112:51981
Targets
Target: 590c0685d8cc2f5d23602e8473c32890
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext