General
Target: 72fe3a6f7ec7918ba7d09002d44f7e8a.exe
Size: 467KB
Sample: 220315-dcq8cshchn
MD5: 72fe3a6f7ec7918ba7d09002d44f7e8a
SHA1: 8313d2104e587fd5e14d1682f005ef17a01ec7a9
SHA256: e5c444885808b5fcb13c40fb5d6c12013462113793988bf805c3b9f3b7f56ffb
SHA512: 0802b8a9a9bdaa4e7cc60bd28f10ce754f3c08fac353879df2c3218aa8ba4f1e3c12c4fb528531752f463b95203cc21145b1408b2a82dc98da64210dc591ebdb
Static task: static1
Behavioral task: behavioral1
  Sample: 72fe3a6f7ec7918ba7d09002d44f7e8a.exe
  Resource: win7-20220311-en
Behavioral task: behavioral2
  Sample: 72fe3a6f7ec7918ba7d09002d44f7e8a.exe
  Resource: win10v2004-20220310-en
Malware Config
Extracted: redline
portall
C2 (host:port):
  vistolham.xyz:81
  dussicora.xyz:81
  morrwlerh.xyz:81
auth_value: 6ce29d9c2924ccd339bad7128f65b6a0
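The three host:port pairs above are the indicators an analyst takes away from this config. The following is an added example, not code from the sandbox or the report, of turning them into a matcher that is run over DNS and proxy records: it treats a C2 host as hit only when the observed name equals it or is a subdomain of it (so a lookalike such as morrwlerh.xyz.example.net does not fire), and for proxy records it reports separately whether the port also matched the configured 81. The log format ("<timestamp> <client-ip> <dns|http> <value>") and every log line are constructed for illustration; they are not telemetry from the analysed run.

```python
"""Matcher for the C2 hosts extracted from this sample's RedLine config.

Added example, not part of the sandbox report: the log format and the log
lines below are constructed (hypothetical "<timestamp> <client-ip>
<dns|http> <value>" records), not output of the analysis.
"""
import re
from dataclasses import dataclass

# C2 entries exactly as extracted from the sample configuration (host:port).
REDLINE_C2 = ["vistolham.xyz:81", "dussicora.xyz:81", "morrwlerh.xyz:81"]

# Hypothetical log record: timestamp, client IP, record kind, observed value.
LINE_RE = re.compile(r"^(\S+) (\S+) (dns|http) (\S+)$")


@dataclass(frozen=True)
class C2:
    host: str
    port: int


def parse_c2(entries):
    """Split 'host:port' strings into C2 records.

    Hosts are lowercased and a trailing dot (as written in DNS logs) is
    removed so that later comparisons are exact string matches.
    """
    parsed = []
    for entry in entries:
        host, _, port = entry.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        parsed.append(C2(host.rstrip(".").lower(), int(port)))
    return parsed


def matched_host(name, c2_hosts):
    """Return the C2 host that `name` equals or is a subdomain of, else None.

    'morrwlerh.xyz.example.net' must NOT match 'morrwlerh.xyz': the C2 host
    has to be the whole name or a dot-delimited suffix of it.
    """
    name = name.rstrip(".").lower()
    for host in c2_hosts:
        if name == host or name.endswith("." + host):
            return host
    return None


def scan(log_text, c2):
    """Run the C2 list over log lines; return one hit per matching record.

    For http records the port is compared with the configured C2 port so an
    analyst can tell a plain host match from a full host:port match.
    """
    port_for = {c.host: c.port for c in c2}
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a record in the constructed format; skip it
        ts, client, kind, value = m.groups()
        name, port = value, None
        if kind == "http" and ":" in value:
            name, _, port_text = value.rpartition(":")
            port = int(port_text) if port_text.isdigit() else None
        hit = matched_host(name, port_for)
        if hit is None:
            continue
        hits.append({
            "ts": ts, "client": client, "kind": kind, "observed": value,
            "c2": hit,
            "port_match": None if port is None else port == port_for[hit],
        })
    return hits


def clients_contacting_c2(hits):
    """Distinct client addresses that produced at least one hit."""
    return sorted({h["client"] for h in hits})


# Constructed sample log: not real telemetry from the sandbox run.
SAMPLE_LOG = """\
2022-03-15T03:11:02Z 10.0.0.12 dns vistolham.xyz.
2022-03-15T03:11:02Z 10.0.0.12 dns www.example.com.
2022-03-15T03:11:03Z 10.0.0.12 http vistolham.xyz:81
2022-03-15T03:11:03Z 10.0.0.12 dns api.DUSSICORA.xyz.
2022-03-15T03:11:04Z 10.0.0.15 dns morrwlerh.xyz.example.net.
2022-03-15T03:11:05Z 10.0.0.15 http dussicora.xyz:443
this line is not a log record
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, parse_c2(REDLINE_C2)):
        print(hit)
```

The port 81 on its own is not an indicator (plenty of benign traffic uses it), which is why the matcher keys on the host and only annotates the port. Against the constructed log it yields four hits from two clients; the lookalike name and the non-record line are ignored.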
Targets
Target: 72fe3a6f7ec7918ba7d09002d44f7e8a.exe (467KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system. Software inventory agents read the same keys, so this is supporting evidence alongside the other signatures rather than a standalone indicator.
- Suspicious use of SetThreadContext: rewriting another thread's context is a standard step in process hollowing (payload written into a suspended process, entry point redirected). The report records only that the API was used, not which process was targeted.
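The "Checks installed software" signature describes a registry walk over the Uninstall hives. Below is an added example, not the sandbox's own detection logic, of hunting for that walk in Procmon-style CSV events: it counts how many distinct per-application subkeys under Uninstall (HKLM, HKCU and the WOW6432Node view) each process reads, and reports processes above a threshold, so that an installer touching one product key stays quiet while a process sweeping the whole hive does not. The events, process names, PIDs and paths are constructed for illustration (the sample is shown as a placeholder "sample.exe"); they are not telemetry from the analysed run.

```python
"""Flag processes that read the registry Uninstall keys in bulk, the
behaviour behind the report's 'Checks installed software' signature.

Added example, not the sandbox's own detection logic. It consumes
Procmon-style CSV events; the events below are constructed and use a
placeholder process name, not telemetry from the analysed run.
"""
import csv
import io
import re
from collections import defaultdict

# HKLM/HKCU Uninstall hives, including the WOW6432Node view; group 2 is the
# per-application subkey, which is what an inventory of installed software reads.
UNINSTALL_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Read-side registry operations as Procmon names them; writes are ignored.
REG_READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}


def uninstall_subkey(path):
    """Name of the application subkey under Uninstall, or None for other paths."""
    m = UNINSTALL_RE.match(path)
    return m.group(2) if m else None


def find_enumerators(csv_text, threshold=5):
    """Map (process name, pid) -> sorted Uninstall subkeys for processes that
    read at least `threshold` distinct subkeys.

    A single install/uninstall (msiexec reading one product key) stays below
    the threshold; a stealer walking the whole hive does not.
    """
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REG_READ_OPS:
            continue
        subkey = uninstall_subkey(row["Path"])
        if subkey is not None:
            seen[(row["Process Name"], int(row["PID"]))].add(subkey)
    return {proc: sorted(keys) for proc, keys in seen.items() if len(keys) >= threshold}


# Constructed Procmon-style export (process names, PIDs and paths are made up).
SAMPLE_EVENTS = r"""Time of Day,Process Name,PID,Operation,Path,Result
3:11:05.0010,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
3:11:05.0012,sample.exe,4120,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
3:11:05.0015,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip,SUCCESS
3:11:05.0016,sample.exe,4120,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName,SUCCESS
3:11:05.0020,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome,SUCCESS
3:11:05.0025,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++,SUCCESS
3:11:05.0030,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player,SUCCESS
3:11:05.0035,sample.exe,4120,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100},SUCCESS
3:11:05.0040,sample.exe,4120,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 98.0 (x64 en-US),SUCCESS
3:11:05.0041,sample.exe,4120,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Run,SUCCESS
3:11:06.0100,msiexec.exe,2200,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayVersion,SUCCESS
3:11:06.0105,msiexec.exe,2200,RegSetValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\InstallDate,SUCCESS
3:11:07.0000,svchost.exe,880,RegQueryValue,HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start,SUCCESS
"""

if __name__ == "__main__":
    for proc, keys in find_enumerators(SAMPLE_EVENTS).items():
        print(proc, keys)
```

The threshold is the tuning knob: on a host with a legitimate inventory agent, exclude that agent by process name or raise the threshold, and correlate a hit with the other signatures in this report (wallet access, SetThreadContext) rather than alerting on the registry walk alone.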