General
Target: af658a2ab1452b0287f0f3cd94a3cab9.exe
Size: 12KB
Sample: 220201-sdzcpagbek
MD5: af658a2ab1452b0287f0f3cd94a3cab9
SHA1: 3ac2d185c28548d43ea47b8fa3795b4308a4c39d
SHA256: 5ab660c1143da4a152b84aadcc978014551575601bf3425b3164d9744c842b85
SHA512: fd15a363976754f2244e7ea191cf8c18583f8b4deeddb7147d93a8d9b0d7021ca0d9f6631a441c67a1347e59d5c4604d6f60a5be9845e03945801da14e036555
Static task: static1
Behavioral task: behavioral1
  Sample: af658a2ab1452b0287f0f3cd94a3cab9.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: af658a2ab1452b0287f0f3cd94a3cab9.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted
redline
10
185.215.113.117:23200
Targets
Target: af658a2ab1452b0287f0f3cd94a3cab9.exe
Size: 12KB
MD5: af658a2ab1452b0287f0f3cd94a3cab9
SHA1: 3ac2d185c28548d43ea47b8fa3795b4308a4c39d
SHA256: 5ab660c1143da4a152b84aadcc978014551575601bf3425b3164d9744c842b85
SHA512: fd15a363976754f2244e7ea191cf8c18583f8b4deeddb7147d93a8d9b0d7021ca0d9f6631a441c67a1347e59d5c4604d6f60a5be9845e03945801da14e036555
- Modifies WinLogon for persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Sets service image path in registry
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext