General
-
Target
MVPInstaller.exe
-
Size
255KB
-
Sample
220429-qee94aaeg4
-
MD5
883eb374a6710283bab49bd840d911c7
-
SHA1
29416739657f2d2b7a900dca6ddeda755852818e
-
SHA256
24bde190edd5fda4b47d376abef29d385d655c11ccfdeb314ffced065675cad4
-
SHA512
b2a159e495624cee478be7d3ff409c9d89eb6e8cb021904ab302df4910874013a305ea10100fae12685d8fc0694d84c553e4f61a194498fd0d5ee2bf6cc5527d
Static task
static1
Behavioral task
behavioral1
Sample
MVPInstaller.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
1
116.202.19.253:30602
-
auth_value
da0d7d77d8ec04c55cc5ace3d9113a5c
Targets
-
-
Target
MVPInstaller.exe
-
Size
255KB
-
MD5
883eb374a6710283bab49bd840d911c7
-
SHA1
29416739657f2d2b7a900dca6ddeda755852818e
-
SHA256
24bde190edd5fda4b47d376abef29d385d655c11ccfdeb314ffced065675cad4
-
SHA512
b2a159e495624cee478be7d3ff409c9d89eb6e8cb021904ab302df4910874013a305ea10100fae12685d8fc0694d84c553e4f61a194498fd0d5ee2bf6cc5527d
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-