General
- Target: fde8fe5dce7787acbb104ae4d1496bdb7d18d21f6e66ce0fc59c055d20f68a61
- Size: 996KB
- Sample: 211202-jfss9afge9
- MD5: a1babf0484d8b02a2488d7e5f7360cf2
- SHA1: 1a1888655f4d514d430ecb4eb4e62f76108776fd
- SHA256: fde8fe5dce7787acbb104ae4d1496bdb7d18d21f6e66ce0fc59c055d20f68a61
- SHA512: a30e380f135f51f85a109d95ec959c3b8744fc4e1e26fb7b6d8743ece2183191e72b64f8794e002f9eb097a2a8937177648f2642c12bbaf0a16e84bfa8b949aa

Static task
- static1

Malware Config
Extracted
- redline
- 1.12.2021
- 95.217.213.248:42382
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext