General
Target: 8325d53e1e1702d9432c67aae6369f46abf9a26f0556d20cb0a04a7040b1ca80
Size: 64KB
Sample: 211202-tjhgssacfn
MD5: f1e1f1d8e5f3c49ef8823a2e51457219
SHA1: 6fb928baac53cae00942d28a01cfbcb8758ad9cc
SHA256: 8325d53e1e1702d9432c67aae6369f46abf9a26f0556d20cb0a04a7040b1ca80
SHA512: ce9503dfada23ea8b6560e30a27969db6791f4b70eadd9f6acd8950eb0439467bfe7f38cbee0c9c5e50a513f59538ea5e2b6f893b40e126067d0e66ff357c913
Static task: static1
Behavioral task: behavioral1
Sample: 8325d53e1e1702d9432c67aae6369f46abf9a26f0556d20cb0a04a7040b1ca80.exe
Resource: win10-en-20211104
Malware Config
Extracted family: redline
Botnet: CRYPT - 42134$
C2 (IP:port): 185.209.28.55:2237
Targets
Target: 8325d53e1e1702d9432c67aae6369f46abf9a26f0556d20cb0a04a7040b1ca80 (64KB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext