General
Target: 75b40e9d9822fdb06848f5ba2932e5878ac672180bc7dd3ab82ad42fab41ecc5
Size: 863KB
Sample: 211207-vp6l9aefa7
MD5: 669afee3432ad5f508a2c593610725e8
SHA1: 9735d6ac5053b9eed2b6fffc37696707e94061dd
SHA256: 75b40e9d9822fdb06848f5ba2932e5878ac672180bc7dd3ab82ad42fab41ecc5
SHA512: 6034bca1ca5b3c8cd15b29b295e841afb0eb3320084c34c63ad704334577de9422cddbbe062d41c0289d817df8bf50e204eb27e9d66721793bdab62058bbbb5e
Static task: static1
Malware Config
Extracted
Family: redline
C2: 91.243.32.50:63948
Targets
Target: 75b40e9d9822fdb06848f5ba2932e5878ac672180bc7dd3ab82ad42fab41ecc5 (863KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- XMRig Miner Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext