General

Target: a4ad32dc5c0845a72b616ba4126b0a19.exe
Size: 486KB
Sample: 220303-l8hvvscbgr
MD5: a4ad32dc5c0845a72b616ba4126b0a19
SHA1: 81006db8784c26f577279e4afa69706e5f5adeb0
SHA256: e64a65d3a69e8f73be9e412ea79a19b31f962fa2aa3adac1356f04b36a6dc553
SHA512: 8570fa1a94ba4c4400806b157446184635350da9a625fa0ad7471cf815fc225493fab2bd420bc07b71a4e28536760a41800573345733dc5da210d1687b98ea36
Static task: static1
Behavioral task: behavioral1
  Sample: a4ad32dc5c0845a72b616ba4126b0a19.exe
  Resource: win7-20220223-en
Malware Config

Extracted family: redline
Botnet: nnn
C2: 194.87.218.126:47934
auth_value: d9bbe0cb156f55e7f4571b1c394baf28

The C2 address and port, the botnet tag and the auth_value are the fields RedLine embeds in its own configuration; the C2 host:port is the network indicator to block or hunt for, while auth_value is the per-build token the client presents to the panel and is useful for clustering builds from the same operator.
Targets

Target: a4ad32dc5c0845a72b616ba4126b0a19.exe (486KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. The report assigns this sample to the family on the basis of the extracted configuration above.

RedLine Payload

Accesses cryptocurrency files/wallets; possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the WOW6432Node equivalent) to enumerate the software installed on the system. On its own this is benign behaviour shared with inventory tools, so it is only corroborating evidence.

Suspicious use of SetThreadContext
SetThreadContext called on a thread of another process is the step that redirects execution in process hollowing and similar injection techniques (create a suspended child, overwrite its memory, set the thread context, resume). The report does not name the child process, so the target of the injection is not established here.
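To make the two behavioural signatures and the extracted C2 indicator concrete, the following is an added example (not code from the sandbox or from this report) that re-implements them over a constructed API-call trace. The trace, the API names and the argument keys ("path", "flags", "child_pid", "pid", "ip", "port") are assumptions about how a monitor might log the calls; the only values taken from the report are the C2 host and port. The hollowing check is deliberately tighter than the report's "suspicious use of SetThreadContext": it requires the full suspended-create, write, set-context, resume sequence from one parent against one child, so a process that sets the context of its own thread does not fire.

```python
"""Re-implementation of the report's behavioural signatures over a constructed trace.

Added example; not part of the sandbox report. The Call records below are
invented to look like a monitor's API log and are not taken from the sample.
"""
import re
from dataclasses import dataclass, field

# Network IoC from the report's extracted RedLine config.
C2_HOST, C2_PORT = "194.87.218.126", 47934

CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit
# Matches ...\Microsoft\Windows\CurrentVersion\Uninstall under HKLM, HKCU or WOW6432Node.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
# Steps that must follow a suspended CreateProcess, in this order, against the child.
HOLLOWING_STEPS = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


@dataclass
class Call:
    pid: int                                  # calling process
    api: str                                  # API name as logged (assumed naming)
    args: dict = field(default_factory=dict)  # assumed argument keys


def checks_installed_software(trace):
    """'Checks installed software': any Reg* call that touches an Uninstall key."""
    return any(c.api.startswith("Reg")
               and UNINSTALL_KEY_RE.search(str(c.args.get("path", "")))
               for c in trace)


def hollowed_children(trace):
    """Return child PIDs for which the parent performed the hollowing sequence:
    CreateProcessW(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
    -> ResumeThread, each call from the same parent and aimed at that child."""
    found = []
    for i, c in enumerate(trace):
        if c.api != "CreateProcessW" or not (c.args.get("flags", 0) & CREATE_SUSPENDED):
            continue
        child = c.args["child_pid"]
        steps = iter(HOLLOWING_STEPS)
        expected = next(steps)
        for later in trace[i + 1:]:
            if later.pid == c.pid and later.api == expected and later.args.get("pid") == child:
                expected = next(steps, None)
                if expected is None:          # all three steps seen in order
                    found.append(child)
                    break
    return found


def c2_contacts(trace):
    """PIDs that opened a socket to the configured C2 host:port."""
    return sorted({c.pid for c in trace
                   if c.api in ("connect", "WSAConnect")
                   and c.args.get("ip") == C2_HOST and c.args.get("port") == C2_PORT})


def evaluate(trace):
    return {
        "checks_installed_software": checks_installed_software(trace),
        "process_hollowing_children": hollowed_children(trace),
        "c2_contact_pids": c2_contacts(trace),
    }


# Constructed trace of a loader (PID 1000) hollowing a child (PID 1200) that then beacons.
TRACE = [
    Call(1000, "RegOpenKeyExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    Call(1000, "RegEnumKeyExW", {"path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "index": 0}),
    Call(1000, "CreateProcessW", {"image": r"C:\Example\child.exe", "flags": CREATE_SUSPENDED, "child_pid": 1200}),
    Call(1000, "NtUnmapViewOfSection", {"pid": 1200}),
    Call(1000, "WriteProcessMemory", {"pid": 1200, "size": 0x5A000}),
    Call(1000, "SetThreadContext", {"pid": 1200}),
    Call(1000, "ResumeThread", {"pid": 1200}),
    Call(1200, "connect", {"ip": "194.87.218.126", "port": 47934}),
]

# Constructed control: ordinary registry access, a normal (non-suspended) child,
# and SetThreadContext on the process's own thread, which must not fire.
BENIGN_TRACE = [
    Call(2000, "RegOpenKeyExW", {"path": r"HKCU\Software\Example\Settings"}),
    Call(2000, "CreateProcessW", {"image": r"C:\Example\helper.exe", "flags": 0, "child_pid": 2100}),
    Call(2000, "SetThreadContext", {"pid": 2000}),
]

if __name__ == "__main__":
    print(evaluate(TRACE))
    print(evaluate(BENIGN_TRACE))
```

Run against the constructed trace, the malicious case reports all three findings for the loader and its child, while the control trace reports none. In real triage the same logic would be fed the sandbox's own call log, and the C2 match would normally be extended to the proxy and DNS logs of the monitored network.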