General
Target: bf5b908243badc0b36dccbae22c12f6906715eacee79b6c6f158f17a72bcff5d
Size: 1.0MB
Sample: 220125-v7shcacca4
MD5: 0a5da8f85c788d4ca63451b776cf1927
SHA1: 9c6857bf8e46979a18531d72390784e2b8004e6a
SHA256: bf5b908243badc0b36dccbae22c12f6906715eacee79b6c6f158f17a72bcff5d
SHA512: 33f2131190da355db001e8f4874fdd1491f3cb2877426f712d781e1e09d09ae48e9a87f54dd785257ae3be445f9a4d7f988c61fd5403cd51d06d85a27ff300f5
Static task: static1
Behavioral task: behavioral1
Sample: bf5b908243badc0b36dccbae22c12f6906715eacee79b6c6f158f17a72bcff5d.exe
Resource: win10v2004-en-20220112
Malware Config
Targets
Target: bf5b908243badc0b36dccbae22c12f6906715eacee79b6c6f158f17a72bcff5d
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Sets service image path in registry
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger