General
Target: 5d01adc3f563bc34229b0437eda3ff6c.exe
Size: 489KB
Sample: 220129-kmkxnagfal
MD5: 5d01adc3f563bc34229b0437eda3ff6c
SHA1: a9a2b693ad48b4ca990efeeae52caf438d149f64
SHA256: c8bc3d8999ea722aed8119e76c7bce559697720d0ef44b2a22e7131bd0a9b432
SHA512: 604a506ba0ebdd326b937334a653e4fb5d0b86d3fa99f94002a64b23089095a27764d1853e852e10f406eace4e805a498012bc1a2033b8f9de3ca4df133bcfe8

Static task: static1
Behavioral task: behavioral1
Sample: 5d01adc3f563bc34229b0437eda3ff6c.exe
Resource: win7-en-20211208

Malware Config
Extracted
- redline
- top2
- 178.20.44.124:38636
Targets
Target: 5d01adc3f563bc34229b0437eda3ff6c.exe
Size: 489KB
MD5: 5d01adc3f563bc34229b0437eda3ff6c
SHA1: a9a2b693ad48b4ca990efeeae52caf438d149f64
SHA256: c8bc3d8999ea722aed8119e76c7bce559697720d0ef44b2a22e7131bd0a9b432
SHA512: 604a506ba0ebdd326b937334a653e4fb5d0b86d3fa99f94002a64b23089095a27764d1853e852e10f406eace4e805a498012bc1a2033b8f9de3ca4df133bcfe8

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext