General
Target: batl3.exe
Size: 554KB
Sample: 211207-p5dcracbd5
MD5: d934479322934bdf30de5436e4d3e2d5
SHA1: 64c0d9bff5f908218376c5839b9b3c2780354a1a
SHA256: ba195e3c25825c94b18e12def03ce866259f39761a5c01373c4eedd284a867ad
SHA512: da81ebe53ba1b3d2f94bcedd1adaa71fc8da3ea10eeeafd2c1a88a3b5e8b10392907e04138112b2a16edb0fbb58b5685279acc0651a17307ed2f7b16b6fe4605
Static task: static1
Behavioral task: behavioral1 (sample: batl3.exe, resource: win7-en-20211104)
Behavioral task: behavioral2 (sample: batl3.exe, resource: win10-en-20211104)
Malware Config
Extracted: redline
1.12.2021
95.217.213.248:42382
Targets
Target: batl3.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext