General
Target: c0985e8fa2d0a194b764f7641b74a187.exe
Size: 1.4MB
Sample: 220518-awrfpadggl
MD5: c0985e8fa2d0a194b764f7641b74a187
SHA1: 0050f628b046297a26492f058c198f406be802cf
SHA256: 02a5a4a60619915dd81f8a178298793689088cbfd0523b6b99ab99c85c51298e
SHA512: f5c8385ddd671aaf4f6adacfa82bdb64815caf3d3ee49f597ccf37cb49523f414804880b97c4234d85d6c330b232ea1fe4937d601c1c627969cfd697cde2089f
Static task: static1
Behavioral task: behavioral1
  Sample: c0985e8fa2d0a194b764f7641b74a187.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: c0985e8fa2d0a194b764f7641b74a187.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: redline
Botnet: TORRENTOLD
C2: 193.142.146.212:28823
auth_value: 74e1b58bf920611f04c0e3919954fe05
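The extracted configuration above is what an analyst turns directly into network detections. The following is an added example, not part of the original report and not RedLine or sandbox tooling: it carries the C2 endpoint and build name from the config, emits a Suricata rule for the outbound connection, and checks firewall-style log lines for hits on the C2 host. The Suricata SID, the log-line format and the log lines themselves are assumptions constructed for the example.

```python
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str  # per-build identifier; useful for pivoting across samples


# Values copied from the extracted config in the report above.
CONFIG = RedLineConfig(
    family="redline",
    botnet="TORRENTOLD",
    c2_host="193.142.146.212",
    c2_port=28823,
    auth_value="74e1b58bf920611f04c0e3919954fe05",
)


def suricata_rule(cfg, sid=9000001):
    """Build a Suricata rule for the outbound C2 connection.
    The SID is an assumption; pick one from your local range."""
    ipaddress.ip_address(cfg.c2_host)  # raises if the C2 is not a literal IP
    return (
        f"alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} "
        f'(msg:"{cfg.family} stealer C2 ({cfg.botnet})"; '
        f"flow:to_server; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed firewall-style log lines for the example (not real traffic).
SAMPLE_LOG = """\
2022-05-18T09:12:01Z src=10.0.0.15:49812 dst=193.142.146.212:28823 proto=tcp action=allow
2022-05-18T09:12:03Z src=10.0.0.15:49813 dst=93.184.216.34:443 proto=tcp action=allow
2022-05-18T09:13:40Z src=10.0.0.22:50110 dst=193.142.146.212:443 proto=tcp action=allow
2022-05-18T09:15:07Z src=10.0.0.31:50200 dst=193.142.146.212:28823 proto=tcp action=deny
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
)


def c2_hits(log_text, cfg):
    """Return every connection attempt to the configured C2 host.
    A hit on the configured port is 'high'; the same host on another port
    is 'medium' (operators reuse infrastructure, so the IP alone still
    deserves a look). Denied connections count too: the host tried."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"] != cfg.c2_host:
            continue
        port = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dport": port,
            "confidence": "high" if port == cfg.c2_port else "medium",
        })
    return hits


if __name__ == "__main__":
    print(suricata_rule(CONFIG))
    for hit in c2_hits(SAMPLE_LOG, CONFIG):
        print(hit)
```

The rule only keys on destination IP and port, so it will go stale when the operator moves infrastructure; the auth_value in the config is the field to pivot on when hunting for sibling samples of the same build.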
Targets
Target: c0985e8fa2d0a194b764f7641b74a187.exe
Size: 1.4MB
MD5: c0985e8fa2d0a194b764f7641b74a187
SHA1: 0050f628b046297a26492f058c198f406be802cf
SHA256: 02a5a4a60619915dd81f8a178298793689088cbfd0523b6b99ab99c85c51298e
SHA512: f5c8385ddd671aaf4f6adacfa82bdb64815caf3d3ee49f597ccf37cb49523f414804880b97c4234d85d6c330b232ea1fe4937d601c1c627969cfd697cde2089f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
SetThreadContext rewrites the saved register state of a thread, including its instruction pointer. Calling it on a thread that belongs to another process is a common step in process hollowing and similar injection, where a suspended thread is redirected to code the caller has written into the target process.
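The two behavioural signatures above (Uninstall-key enumeration and cross-process SetThreadContext) are the kind of thing a detection engineer turns into logic over host telemetry. The following is an added example, not taken from the report or from any sandbox vendor: it parses a constructed API-call trace, flags a process that walks many subkeys of the Uninstall key (a single lookup, which installers and update checks do legitimately, stays below the threshold), and flags SetThreadContext aimed at another process, raising confidence when the same caller created that process suspended and wrote into it first. The trace format, process IDs, image path, subkey names and the threshold of five subkeys are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed API-trace lines for the example, one call per line:
#   <pid> <api> key=value ...
# PID 900 does one legitimate-looking Uninstall lookup. PID 1312 walks the
# Uninstall key (one entry via Wow6432Node), then creates a suspended child
# (PID 2044), writes into it and redirects its thread: the hollowing order
# CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
# -> ResumeThread. Image path and IDs are made up.
SAMPLE_TRACE = r"""
900 RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2}
900 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2} value=DisplayVersion
1312 RegOpenKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1312 RegEnumKeyExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall index=0
1312 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0001} value=DisplayName
1312 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0002} value=DisplayName
1312 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0003} value=DisplayName
1312 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0004} value=DisplayName
1312 RegQueryValueExW key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0005} value=DisplayName
1312 RegQueryValueExW key=HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0006} value=DisplayName
1312 CreateProcessW image=C:\Windows\host.exe flags=CREATE_SUSPENDED newpid=2044
1312 WriteProcessMemory target_pid=2044
1312 SetThreadContext target_pid=2044
1312 ResumeThread target_pid=2044
"""

LINE_RE = re.compile(r"^(?P<pid>\d+) (?P<api>\w+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
# Subkey directly under an Uninstall key, regardless of hive or Wow6432Node.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.IGNORECASE)


def parse_trace(text):
    """Turn trace lines into dicts: {'pid': int, 'api': str, <args>...}."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args = dict(KV_RE.findall(m["rest"]))
        events.append({"pid": int(m["pid"]), "api": m["api"], **args})
    return events


def uninstall_enumeration(events, threshold=5):
    """Map pid -> number of distinct Uninstall subkeys touched, for pids that
    touched at least `threshold`. Enumerating installed software shows up as
    many distinct subkeys; a real installer usually touches its own one."""
    subkeys = defaultdict(set)
    for ev in events:
        if not ev["api"].startswith("Reg"):
            continue
        m = UNINSTALL_RE.search(ev.get("key", ""))
        if m:
            subkeys[ev["pid"]].add(m.group(1).lower())
    return {pid: len(s) for pid, s in subkeys.items() if len(s) >= threshold}


def thread_context_hijack(events):
    """Flag SetThreadContext on a thread of another process. Confidence rises
    if the caller created the target suspended and wrote into it beforehand."""
    suspended = set()  # (caller_pid, child_pid) created with CREATE_SUSPENDED
    written = set()    # (caller_pid, target_pid) that received WriteProcessMemory
    findings = []
    for ev in events:
        pid, api = ev["pid"], ev["api"]
        if api == "CreateProcessW" and "CREATE_SUSPENDED" in ev.get("flags", ""):
            suspended.add((pid, int(ev["newpid"])))
        elif api == "WriteProcessMemory":
            written.add((pid, int(ev["target_pid"])))
        elif api == "SetThreadContext":
            target = int(ev.get("target_pid", pid))
            if target == pid:
                continue  # adjusting one's own thread (e.g. exception handling) is ordinary
            score = 1 + ((pid, target) in suspended) + ((pid, target) in written)
            findings.append({
                "pid": pid,
                "target_pid": target,
                "confidence": {1: "low", 2: "medium", 3: "high"}[score],
            })
    return findings


if __name__ == "__main__":
    evs = parse_trace(SAMPLE_TRACE)
    print("uninstall enumeration:", uninstall_enumeration(evs))
    print("thread context hijack:", thread_context_hijack(evs))
```

The threshold is deliberately a parameter: inventory agents and some updaters also walk the whole Uninstall key, so in production this should be combined with process reputation or with the other signatures on this page rather than fired on its own.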