General
-
Target
RQF #00811-AL WASL .exe
-
Size
721KB
-
Sample
220331-rp47msdca4
-
MD5
3f8326ef5a02e2b20b6692ed3a4153ce
-
SHA1
5fa01330c418fc54fd57481f60a32eece6caa456
-
SHA256
aa7e5c5ab042b539c1ccaebe7c129bb54da0731be955dcfa328324ca776e3b01
-
SHA512
aabc56ae6c531c3402a4b399a9682eca99ff1198d1e8bbbdc2dfb201aed55d3036448af819363d38aaefd8674838969c7149e5821009759ecbf95c9269f6c6f3
Static task
static1
Behavioral task
behavioral1
Sample
RQF #00811-AL WASL .exe
Resource
win7-20220311-en
Malware Config
Extracted
redline
jd
96.47.234.207:15286
Targets
-
-
Target
RQF #00811-AL WASL .exe
-
Size
721KB
-
MD5
3f8326ef5a02e2b20b6692ed3a4153ce
-
SHA1
5fa01330c418fc54fd57481f60a32eece6caa456
-
SHA256
aa7e5c5ab042b539c1ccaebe7c129bb54da0731be955dcfa328324ca776e3b01
-
SHA512
aabc56ae6c531c3402a4b399a9682eca99ff1198d1e8bbbdc2dfb201aed55d3036448af819363d38aaefd8674838969c7149e5821009759ecbf95c9269f6c6f3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-