General
  Target:  tmp/systemg.exe
  Size:    1.2MB
  Sample:  211214-qlz8vafgc2
  MD5:     78b83d8da9273d6d39a4d419296df1ef
  SHA1:    bdeb862c9dfd8c326ea6b52c340bdec35725f325
  SHA256:  ac30759bb6db02424de46e97faae66924a81b4972893fce91f81b6f3232936c3
  SHA512:  debf0a707f13bb1dac5ebb7ba3eecbc452c38cdb6445a156ad8b89a500bfa62254a972b78442867e5df32aebcae794d0cc72495c6380810a67564d4168e8b592
Static task
  static1

Behavioral task
  behavioral1
  Sample:    tmp/systemg.exe
  Resource:  win7-en-20211208

Behavioral task
  behavioral2
  Sample:    tmp/systemg.exe
  Resource:  win10-en-20211208
Malware Config
  Extracted
  Family:   redline
  Botnet:   13.12_BUILD_1
  C2:       45.9.20.221:2865
Targets
  Target:  tmp/systemg.exe
  Size:    1.2MB
  MD5:     78b83d8da9273d6d39a4d419296df1ef
  SHA1:    bdeb862c9dfd8c326ea6b52c340bdec35725f325
  SHA256:  ac30759bb6db02424de46e97faae66924a81b4972893fce91f81b6f3232936c3
  SHA512:  debf0a707f13bb1dac5ebb7ba3eecbc452c38cdb6445a156ad8b89a500bfa62254a972b78442867e5df32aebcae794d0cc72495c6380810a67564d4168e8b592
  Signatures
  - RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine Payload
  - Accesses cryptocurrency files/wallets, possible credential harvesting
  - Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate software on the system.
  - Suspicious use of SetThreadContext