General
Target: 3426d12d872333a290c333ef0cff53ccd94966fe5826106ebc3d819cf078698b
Size: 962KB
Sample: 211204-183btsede6
MD5: 47db0ded618502977919fdfd7444c808
SHA1: 37c0272392fc682990ed87b4f8214959a0f75c6b
SHA256: 3426d12d872333a290c333ef0cff53ccd94966fe5826106ebc3d819cf078698b
SHA512: ea070da51a0d8e5cb1873893effd49eea25b507628bb780562e140a6ac28ff0732a9c6f04f83484a23e5ea23740e190d213c71e59a272a7ee86df4fdfaf57692
Static task: static1
Behavioral task: behavioral1
Sample: 3426d12d872333a290c333ef0cff53ccd94966fe5826106ebc3d819cf078698b.exe
Resource: win10-en-20211014

Malware Config
Extracted: redline (185.215.113.57:50723)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext