General
Target: 4fda4b291bdc23439208635f8b4f10e5.exe
Size: 106KB
Sample: 220130-hj7k5sgeer
MD5: 4fda4b291bdc23439208635f8b4f10e5
SHA1: 6911fce737067d5bbeab05960ecd56d3a0fe0dfb
SHA256: 79a77b41388477a3cb157995c0ad1757a8ced2b49fc968dc5d8c28806aaee480
SHA512: 5ca7652ea5c795dd613da2ef773e048efa240d4cb5b6970d91ddb2367eda27e879d735360625725881d4940b23b6e153cb148b630f183d21025b31b4675b17cb
Static task: static1
Behavioral task: behavioral1
  Sample: 4fda4b291bdc23439208635f8b4f10e5.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 4fda4b291bdc23439208635f8b4f10e5.exe
  Resource: win10-en-20211208
Malware Config
Extracted: redline
  20kProfessor2
  157.90.17.156:56409
Targets
Target: 4fda4b291bdc23439208635f8b4f10e5.exe
Size: 106KB
MD5: 4fda4b291bdc23439208635f8b4f10e5
SHA1: 6911fce737067d5bbeab05960ecd56d3a0fe0dfb
SHA256: 79a77b41388477a3cb157995c0ad1757a8ced2b49fc968dc5d8c28806aaee480
SHA512: 5ca7652ea5c795dd613da2ef773e048efa240d4cb5b6970d91ddb2367eda27e879d735360625725881d4940b23b6e153cb148b630f183d21025b31b4675b17cb
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext