General
- Target: 6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe
- Size: 552KB
- Sample: 211128-fretzsgadl
- MD5: c986e3f232dd71ac91e33cbbddf25c0a
- SHA1: c0d65b2188e25c1e62de1d8bd5c4dc67f49ef248
- SHA256: 6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a493d15fb374ee35f0e9
- SHA512: e36e7e15e6e8c266e168e9570f8d08082ca8dd2d85cb6edbf5eb61ca63dacfe1db92eed9724346d3c39effa51d14dc65a23c767a4a184447032a19241482dd21
Static task: static1
Behavioral task: behavioral1
- Sample: 6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe
- Resource: win7-en-20211104
Malware Config
- Extracted: redline, botnet "Robot", C2 178.238.8.47:36439
- Extracted: redline, botnet "456390", C2 45.77.80.187:15300
Targets
- Target: 6c251106b903b525e3ffa3d0ac5fd47704a0970841f4a.exe (552KB; hashes as listed under General above)
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext