General
Target: 3f667b290d74df1d35ca8722fcabaddb.exe
Size: 489KB
Sample: 220202-r6f65safg8
MD5: 3f667b290d74df1d35ca8722fcabaddb
SHA1: d8cef66e90cb08dff0d4f016a970918b149dd256
SHA256: c769f765b5afffeaec73e202c12f496bf55876b1eaff2f7a693fe57d3e135f2b
SHA512: 4df01ebb950e82c552e76bdac02f070ad4ed7b1d3816ce190b014a77dcc0996a74f39d2ced303ddee51c64a1f93ee09b7c9ed1291ad32de67e2345155122192a
Static task: static1
Behavioral task: behavioral1
  Sample: 3f667b290d74df1d35ca8722fcabaddb.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 3f667b290d74df1d35ca8722fcabaddb.exe
  Resource: win10v2004-en-20220112
Malware Config
Extracted
redline
1
stata2021.best:21675
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext