General
- Target: be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe
- Size: 5.0MB
- Sample: 220125-vmz2pabfe2
- MD5: 897fdc53ce5f26017c224ccab9001e74
- SHA1: 987fa2dec584d70da3c12f78ac777ca571261131
- SHA256: be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39baf2c34ebfc49b158cf
- SHA512: ad52fea715a346f7377cfe131bc97da46c3f690a7f86e08b44feeb5857191b959eeee309394c6423e014e901a23dea77ec20b51ee581370fe4a5ba1cbd8c61ad
Static task: static1
Behavioral task: behavioral1
- Sample: be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe
- Resource: win7-en-20211208
Malware Config
Extracted: redline
- GLADIATOR
- 185.215.113.107:1433
Targets
- Target: be06e503bd48a2d5ec4dbb6532ad3ef1abd2d3659fa39.exe
- Size: 5.0MB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext