General
Target: 41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8.exe
Size: 1.0MB
Sample: 220127-vfqjnsgff6
MD5: 1a1cdef957a125bb0f1b01b019fe3950
SHA1: a2043ccef00cb14eb67a6d92c04aa1b1e1648f50
SHA256: 41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8dccc74c4427ee48d7fd
SHA512: d0a76f1a690957386f5a649d01bd994b41020a6707c225514eda0d83615bf03329c6a14fc3dc810be41019e3c9ebb3dcc4b4695aa75b8062e05ea0464c91a22b
Static task: static1
Behavioral task: behavioral1
Sample: 41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8.exe
Resource: win7-en-20211208
Malware Config
Extracted
redline
test
canalarleliv.xyz:40800
Targets
Target: 41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext