General
-
Target
µTorrent Pro Crack.exe
-
Size
2.4MB
-
Sample
220703-p87qrshea3
-
MD5
a8f362ce31331833dee534ee0a81c870
-
SHA1
d9d78dffd8809bea3c39a7d773b5431110f46b7c
-
SHA256
bebadfa962b18b44ec66b4dc3b5081c95be4579e78e62bd0985b3579a8bd9b3d
-
SHA512
fa85fe6d71115dea0aeb80021fbf69b6f7e1a411d2cb7293bc1b6d48c664859031ede30586970589f0899a41b6642eeee98cd0465867e7c75e8af047afb2f57f
Malware Config
Extracted
redline
185.215.113.83:60722
-
auth_value
7ade33ba2c5bd3dce7cdb8a69ee746da
Targets
-
-
Target
µTorrent Pro Crack.exe
-
Size
2.4MB
-
MD5
a8f362ce31331833dee534ee0a81c870
-
SHA1
d9d78dffd8809bea3c39a7d773b5431110f46b7c
-
SHA256
bebadfa962b18b44ec66b4dc3b5081c95be4579e78e62bd0985b3579a8bd9b3d
-
SHA512
fa85fe6d71115dea0aeb80021fbf69b6f7e1a411d2cb7293bc1b6d48c664859031ede30586970589f0899a41b6642eeee98cd0465867e7c75e8af047afb2f57f
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-