General
Target: d6ed1121a95f3c89ac53466948f22fd03c34f450ebfb4e9c60acb281be5e58d3
Size: 390KB
Sample: 211129-cgawhaeac9
MD5: 72e0227b6471f5beaebe7be20171276b
SHA1: e03e962370d83102dd2834740c9c45396f12c919
SHA256: d6ed1121a95f3c89ac53466948f22fd03c34f450ebfb4e9c60acb281be5e58d3
SHA512: d7600d4db97a834734041988d3dbe1f6ca90b69955eaf0bf296ce6226da2f9993a43ef61be539c2e1fba5c69f8137146abf2367403c6c5f962a9ed942d743b4a
Static task: static1
Behavioral task: behavioral1
Sample: d6ed1121a95f3c89ac53466948f22fd03c34f450ebfb4e9c60acb281be5e58d3.exe
Resource: win10-en-20211104
Malware Config
Extracted
redline
zaliv kub korm
molerreneta.xyz:80
Targets
Target: d6ed1121a95f3c89ac53466948f22fd03c34f450ebfb4e9c60acb281be5e58d3
Size: 390KB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext