General
- Target: 0aef3aef127a4f780fc0166e4ed8ebac.exe
- Size: 549KB
- Sample: 211220-vreasacbdj
- MD5: 0aef3aef127a4f780fc0166e4ed8ebac
- SHA1: de5e59cd81f17027d811400bc7d48765e1d55df2
- SHA256: e7aa0daa42cf46f9268775f5deff2b2f9574ef893202491521e89a7540688152
- SHA512: 1cd35a889aebf12b42b43eb83aa8c224e1896045c37b0f08f89b5910ff55e15bcba9e215f97ead7432dc47796263508906287e184ab9f6c602097f7eb93ce5fa
Static task: static1
Behavioral task: behavioral1
- Sample: 0aef3aef127a4f780fc0166e4ed8ebac.exe
- Resource: win7-en-20211208
Malware Config
Extracted
- Family: redline
- Botnet: 10
- C2: 18.191.251.199:45097
Targets
- Target: 0aef3aef127a4f780fc0166e4ed8ebac.exe
- Size: 549KB
- MD5: 0aef3aef127a4f780fc0166e4ed8ebac
- SHA1: de5e59cd81f17027d811400bc7d48765e1d55df2
- SHA256: e7aa0daa42cf46f9268775f5deff2b2f9574ef893202491521e89a7540688152
- SHA512: 1cd35a889aebf12b42b43eb83aa8c224e1896045c37b0f08f89b5910ff55e15bcba9e215f97ead7432dc47796263508906287e184ab9f6c602097f7eb93ce5fa
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext