General
- Target: 183a84c3d59fa6de2b34b5ccbc32637c
- Size: 489KB
- Sample: 220202-sb6zraaga2
- MD5: 183a84c3d59fa6de2b34b5ccbc32637c
- SHA1: 6e30576335ccda4544d4120af63317e634dc49ed
- SHA256: d0eed3b006b239de23f8fc768ad6afcb82d6e7e435081602f0aeb2a0d639614e
- SHA512: bb273052914d30ad66191950a301f9899cf28d7ac52ea3d0a1c1cf1e02f8ffcfccffce031533fcf5d6b39aaf139185dcce683f32fe4b01e55bcb4d21291fa495
Static task: static1
Behavioral task: behavioral1
- Sample: 183a84c3d59fa6de2b34b5ccbc32637c.exe
- Resource: win7-en-20211208
Behavioral task: behavioral2
- Sample: 183a84c3d59fa6de2b34b5ccbc32637c.exe
- Resource: win10v2004-en-20220113
Malware Config
Extracted (1): redline
- stata2021.best:21675
Targets
- Target: 183a84c3d59fa6de2b34b5ccbc32637c
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext