General
-
Target
76bb47a862406207a8e60779ab38a7a335b54aa893384c5f3a275059fddfcf55
-
Size
584KB
-
Sample
211119-pgh84adcf3
-
MD5
9c615b6b1e28e42040b618fb634adad7
-
SHA1
b0685c6bf569505b693a84fe072b99ecbd9bfdef
-
SHA256
76bb47a862406207a8e60779ab38a7a335b54aa893384c5f3a275059fddfcf55
-
SHA512
e27efa69f0452377059ae765005e353f13a2ee47780e68f07b2d16f2f3b06e826d33c50e82151b843a7c0a84355d403d84c80b5ac36a87bf51b636ae4aae7d72
Static task
static1
Malware Config
Extracted
redline
xxluchxx1
212.86.102.63:62907
Targets
-
-
Target
76bb47a862406207a8e60779ab38a7a335b54aa893384c5f3a275059fddfcf55
-
Size
584KB
-
MD5
9c615b6b1e28e42040b618fb634adad7
-
SHA1
b0685c6bf569505b693a84fe072b99ecbd9bfdef
-
SHA256
76bb47a862406207a8e60779ab38a7a335b54aa893384c5f3a275059fddfcf55
-
SHA512
e27efa69f0452377059ae765005e353f13a2ee47780e68f07b2d16f2f3b06e826d33c50e82151b843a7c0a84355d403d84c80b5ac36a87bf51b636ae4aae7d72
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-