General
-
Target
5adf26a5d82163f669ef588d0f16bc76.exe
-
Size
1.4MB
-
Sample
220302-vmeqraffg6
-
MD5
5adf26a5d82163f669ef588d0f16bc76
-
SHA1
5aa5c6a66eb413e370fbb62cfa262f25351492d8
-
SHA256
484890c7a8aee809d8e93a0acb330543d2b06909f2aa3f75ab38ff0c8e4e4451
-
SHA512
82d8a21d55e519e4bc2fb10fe47345420866f8cd9241dbaf4752d3dca6159834677f2ee0dfe8b5f892ce13436ddadfcecd742564d7d0e43346c259e6d4bfdcb4
Static task
static1
Behavioral task
behavioral1
Sample
5adf26a5d82163f669ef588d0f16bc76.exe
Resource
win7-en-20211208
Malware Config
Extracted
redline
alltop
deyneyab.xyz:80
-
auth_value
6fadc2b44b16945c8f721b77e484a725
Targets
-
-
Target
5adf26a5d82163f669ef588d0f16bc76.exe
-
Size
1.4MB
-
MD5
5adf26a5d82163f669ef588d0f16bc76
-
SHA1
5aa5c6a66eb413e370fbb62cfa262f25351492d8
-
SHA256
484890c7a8aee809d8e93a0acb330543d2b06909f2aa3f75ab38ff0c8e4e4451
-
SHA512
82d8a21d55e519e4bc2fb10fe47345420866f8cd9241dbaf4752d3dca6159834677f2ee0dfe8b5f892ce13436ddadfcecd742564d7d0e43346c259e6d4bfdcb4
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-