General
Target: e7076a3303f109e81cdf10bfd09b5d0a
Size: 468KB
Sample: 220129-ql9saabcbp
MD5: e7076a3303f109e81cdf10bfd09b5d0a
SHA1: 30adb3336dba902cfb3f615394b53480b8976694
SHA256: 53b60511d295d3bd9c9524f275a4962d8e1cad17ee84d0676ef16bdae07d26bf
SHA512: 5fd8e53f733ce5b45acb80669678adc8cfd7cb4724b522130776a235c6abc2c73310f9f2b8f5e5f1eb20f20ea4ad040a5dda084793b199199a198d8315be610c
Static task: static1
Behavioral task: behavioral1
  Sample: e7076a3303f109e81cdf10bfd09b5d0a.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: e7076a3303f109e81cdf10bfd09b5d0a.exe
  Resource: win10-en-20211208
Malware Config
Targets
Target: e7076a3303f109e81cdf10bfd09b5d0a
Size: 468KB
MD5: e7076a3303f109e81cdf10bfd09b5d0a
SHA1: 30adb3336dba902cfb3f615394b53480b8976694
SHA256: 53b60511d295d3bd9c9524f275a4962d8e1cad17ee84d0676ef16bdae07d26bf
SHA512: 5fd8e53f733ce5b45acb80669678adc8cfd7cb4724b522130776a235c6abc2c73310f9f2b8f5e5f1eb20f20ea4ad040a5dda084793b199199a198d8315be610c
Score: 10/10
Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- .NET Reactor protector
  Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger