General
Target: 0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe
Size: 116KB
Sample: 211212-eym89sdcer
MD5: c2b56a031f17ee4633355ae5d70cb3a8
SHA1: 1379afa68d4642d1f622a5a5479fd6899187e747
SHA256: 0b969852c5e1537663d690bfaf170f4a00d9986f54d8469e55cfbc9e5cb3fa5b
SHA512: 5359ba3ee78096372dc486b55fabf2234c42dfd4e13d7455b0ca054d1a8a84af364c4d2083e583047d7040c3e278c867b7a8f73ad638abf219f639793653e268
Static task: static1
Behavioral task: behavioral1
Sample: 0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe
Resource: win7-en-20211208
Malware Config
Extracted
Family: redline
Botnet: 3
C2: ginnalodaned.xyz:80
Targets
Target: 0b969852c5e1537663d690bfaf170f4a00d9986f54d84.exe (116KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext