General
Target: cee9ec3f7478e35f714fed6e080f2711.exe
Size: 1.4MB
Sample: 220129-f11g2seac7
MD5: cee9ec3f7478e35f714fed6e080f2711
SHA1: 54173b65efb80cdeeaa1047329dbf20fc13d8ed7
SHA256: d626d2dd320f5f66816bf3c97a8dd37f1be24b722fa32601c45e3be87791ed97
SHA512: 774695b4f5a4b253135337af2df7accf6506c5e3718d55b51fdcad2dddc8e7bc7882f9526085e1240cb72f7fba5833ddbe60d9e07eaa2f9d00199cd0d5ade808
Static task: static1
Behavioral task: behavioral1
Sample: cee9ec3f7478e35f714fed6e080f2711.exe
Resource: win7-en-20211208
Malware Config
Extracted: redline 49.12.47.66:27973
Extracted: redline 123 46.3.199.85:4329
Targets
Target: cee9ec3f7478e35f714fed6e080f2711.exe
Size: 1.4MB
MD5: cee9ec3f7478e35f714fed6e080f2711
SHA1: 54173b65efb80cdeeaa1047329dbf20fc13d8ed7
SHA256: d626d2dd320f5f66816bf3c97a8dd37f1be24b722fa32601c45e3be87791ed97
SHA512: 774695b4f5a4b253135337af2df7accf6506c5e3718d55b51fdcad2dddc8e7bc7882f9526085e1240cb72f7fba5833ddbe60d9e07eaa2f9d00199cd0d5ade808
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext