General
- Target: 5102339d0c7798a4b2e76da45ba388fe.exe
- Size: 393KB
- Sample: 211123-j3xeyscfd2
- MD5: 5102339d0c7798a4b2e76da45ba388fe
- SHA1: 5cc4d9a585e440ba9e432aa513ec12756ffb6694
- SHA256: f8b3c35d8acac0edaaf2f294e616a341e60d52e1dea41d0fab08e950ca0ad8ee
- SHA512: c129500d17c1e03ed1cdc6c047c93c15bddbba4aa11a46173d351ef06452be9115be85ebdb0215f2fa28d0e1b53a46e238636bd1cd0a4f114a4f7253db36d77e
Static task: static1
Behavioral task: behavioral1
- Sample: 5102339d0c7798a4b2e76da45ba388fe.exe
- Resource: win7-en-20211104
Malware Config
Extracted
redline
wir
45.87.154.220:16714
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext