General
- Target: 185a1618971eeb1f343e81fabe987041.exe
- Size: 933KB
- Sample: 211214-sy7jssghfp
- MD5: 185a1618971eeb1f343e81fabe987041
- SHA1: 9ae4c684a1e94214b3bd46d60eb71624ff8a676b
- SHA256: 2b27fc044a4ce3bfc1f7a46be0ac6e68da908ffaad2b7dcfe94df252123e22f6
- SHA512: cb7fc1844f86bd6a0d5dc8b318815fd8ac496263510c89fcaca30e3e9c2380273cfc545556ff9592bacbf8867b8ebe823159eb2d15833efb796af26b36fcd1fb
Static task
- static1
Behavioral task
- behavioral1: sample 185a1618971eeb1f343e81fabe987041.exe, resource win7-en-20211208
Behavioral task
- behavioral2: sample 185a1618971eeb1f343e81fabe987041.exe, resource win10-en-20211208
Malware Config
- Extracted: redline, C2 185.112.83.69:37026
- Extracted: redline, botnet xxluchxx1, C2 212.86.102.63:62907
- Extracted: redline, botnet cheat, C2 185.112.83.21:21142
Targets
- Target: 185a1618971eeb1f343e81fabe987041.exe (933KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext