General
-
Target
1fe945f3bec81b904912a702ca72a674a01374471653f4faebf61ce326145530
-
Size
435KB
-
Sample
211121-kqvk9sdfem
-
MD5
e12209fce0519090586f1632f675df56
-
SHA1
7614e266c04bafca3c5d0eefb46f60fd6901ba1a
-
SHA256
1fe945f3bec81b904912a702ca72a674a01374471653f4faebf61ce326145530
-
SHA512
1fcd7c793ca40818dcf38806b6b8e612840261d8e77de8b1fc2f49cf4d0d49a2b0331c3058fbae3f8be65c04f04f1149c34872075cc2c8bce1481801cc176503
Static task
static1
Behavioral task
behavioral1
Sample
1fe945f3bec81b904912a702ca72a674a01374471653f4faebf61ce326145530.exe
Resource
win10-en-20211014
Malware Config
Extracted
redline
1823930346
185.92.74.63:10829
Targets
-
-
Target
1fe945f3bec81b904912a702ca72a674a01374471653f4faebf61ce326145530
-
Size
435KB
-
MD5
e12209fce0519090586f1632f675df56
-
SHA1
7614e266c04bafca3c5d0eefb46f60fd6901ba1a
-
SHA256
1fe945f3bec81b904912a702ca72a674a01374471653f4faebf61ce326145530
-
SHA512
1fcd7c793ca40818dcf38806b6b8e612840261d8e77de8b1fc2f49cf4d0d49a2b0331c3058fbae3f8be65c04f04f1149c34872075cc2c8bce1481801cc176503
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-