General
Target: c49d12ebbad75fb8081f4b5d5ea70868.exe
Size: 526KB
Sample: 220127-vzwvsshaf3
MD5: c49d12ebbad75fb8081f4b5d5ea70868
SHA1: 975b999508ebafc16506162aeee4324f19193cc1
SHA256: 9760d9e914209b0ee1b44ac47162282be879d5b1e3c867d200d94f53b13b85f7
SHA512: dd8e2b910f8bd8cd5c006e977606fec05de8cbd624758a9e292658be3caca0b605e3d79ba303b03002ec60efd142b4ce206c0958be6149bab1b53decd2366cbe

Static task: static1
Behavioral task: behavioral1
Sample: c49d12ebbad75fb8081f4b5d5ea70868.exe
Resource: win7-en-20211208

Malware Config
Extracted
redline
45$
91.243.59.166:5240
Targets
Target: c49d12ebbad75fb8081f4b5d5ea70868.exe
Size: 526KB
MD5: c49d12ebbad75fb8081f4b5d5ea70868
SHA1: 975b999508ebafc16506162aeee4324f19193cc1
SHA256: 9760d9e914209b0ee1b44ac47162282be879d5b1e3c867d200d94f53b13b85f7
SHA512: dd8e2b910f8bd8cd5c006e977606fec05de8cbd624758a9e292658be3caca0b605e3d79ba303b03002ec60efd142b4ce206c0958be6149bab1b53decd2366cbe

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext