General
- Target: 916eab0f33683c4bbf663caf71a052eb0c51e8560eefa72ae41e206d9f0a58e1
- Size: 27KB
- Sample: 211121-2ms2pseedj
- MD5: 32c5d0e883cee334d6a8a59838b9c455
- SHA1: fe2e414d8bee2f4b04c6e92e03a83d34a58ccf5f
- SHA256: 916eab0f33683c4bbf663caf71a052eb0c51e8560eefa72ae41e206d9f0a58e1
- SHA512: 9466da69ead216b99cd91de0fe25208a47d32900657c2ca4263c187e5207a0669affbbfd964ab6511d4818bdb303de5812b72986535eaf1c94255042c16371f4

Static task: static1

Malware Config (Extracted)
- redline
- proliv
- 116.202.110.68:48426

Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext