General
Target: 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
Size: 458KB
Sample: 220129-jwhyzsgabm
MD5: a03ee84873f31ecee95290104f4e678f
SHA1: af01efe138ae278621b49724ece9b0bac60b1f10
SHA256: 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
SHA512: 278d7f253a9ee40344fd0e2459b6e4b6edbaeb512a29e33653ec53242820498429a449b3293728ab17243744b82311a65572987822a64716361011e556c93b87
Static task: static1
Behavioral task: behavioral1
Sample: 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e.exe
Resource: win10v2004-en-20220112
Malware Config

Targets
Target: 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
Size: 458KB
MD5: a03ee84873f31ecee95290104f4e678f
SHA1: af01efe138ae278621b49724ece9b0bac60b1f10
SHA256: 3fa6d241e015a444757a8ef0d3e4ad24134655bb92169217b3702504b5f5b00e
SHA512: 278d7f253a9ee40344fd0e2459b6e4b6edbaeb512a29e33653ec53242820498429a449b3293728ab17243744b82311a65572987822a64716361011e556c93b87

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Sets service image path in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.