General
-
Target
ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b
-
Size
1.1MB
-
Sample
220302-xr62xagab6
-
MD5
f2639eddc30173c0ac72c29d27b18c53
-
SHA1
43f19a7fdbadfee3072eef7efa396253ee2a251d
-
SHA256
ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b
-
SHA512
cb5acd9f3a229ee90d0328ecd23371c6be56f7958a34cf5ad3d2581bf9899e7ebe10f15191970bef9c9d520bc7f58b2c9e9edfee80777a531fb9975099538e2d
Static task
static1
Malware Config
Extracted
redline
alltop
deyneyab.xyz:80
-
auth_value
6fadc2b44b16945c8f721b77e484a725
Targets
-
-
Target
ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b
-
Size
1.1MB
-
MD5
f2639eddc30173c0ac72c29d27b18c53
-
SHA1
43f19a7fdbadfee3072eef7efa396253ee2a251d
-
SHA256
ba7c122421ea694f82470b12b71146dc3be788d69e354891e78a9e40adab503b
-
SHA512
cb5acd9f3a229ee90d0328ecd23371c6be56f7958a34cf5ad3d2581bf9899e7ebe10f15191970bef9c9d520bc7f58b2c9e9edfee80777a531fb9975099538e2d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-