General

Target: e3.exe
Size: 648KB
Sample: 220310-k8jaysedg5
MD5: 64f4bbe857738a09a874b276807ab110
SHA1: 9bb080185079c4f666b69013f706077e5c1cc8c7
SHA256: e347cd6db9c802638a546510c858928f9e69325d092c937ef3f33497d7d8c844
SHA512: bcb8c48978ee03f63aa984d17637026e961d5743e94fa655175193eab60d69cc74e7ea7cb8baf8fefbdbbdfccafdbb425faad69eb2d45ad4f9215572d83bbe15
Static task: static1
Behavioral task: behavioral1
Sample: e3.exe
Resource: win7-en-20211208
Malware Config

Extracted: redline
newall
deyneyab.xyz:80
auth_value: 25db96cfa370a37f57d1a769f3900122
Targets

Target: e3.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger