General
-
Target
809f720b347e0aa5f58c3a117129a76a19be445d5983892df7089c0e869c07c1
-
Size
5.3MB
-
Sample
220705-176mvsdfbj
-
MD5
b76babadb0dc8806052579b97e45f0ff
-
SHA1
2f7b7e70ac41d942c82976e13abc528788af2ae1
-
SHA256
809f720b347e0aa5f58c3a117129a76a19be445d5983892df7089c0e869c07c1
-
SHA512
98604efeec79122f41c836be03f87166fcc0ea820613e8ea7b8d3bf40093d5dfc67015656532ad193b75f35a83eeff26810e81204eb2b09a1cf0f5749ae9560a
Static task
static1
Behavioral task
behavioral1
Sample
809f720b347e0aa5f58c3a117129a76a19be445d5983892df7089c0e869c07c1.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
SUBZERO
185.215.113.217:19618
-
auth_value
019ff2a82025cde517e4466362191205
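The extracted config gives the one network indicator worth hunting on immediately: the RedLine panel at 185.215.113.217:19618. The following is an added example, not part of the sandbox report, that turns that endpoint into a check over Zeek-style conn.log records. The log lines are constructed for the example, and the high/medium confidence split (port match versus IP-only match) is this example's own heuristic, chosen because stealer panels are often rehosted on the same IP with a new port.

```python
"""Hunt for connections to the RedLine C2 extracted from this sample.

Added example (not part of the sandbox report). The C2 host:port comes from
the Malware Config above; the log records below are constructed Zeek
conn.log lines, not real telemetry.
"""
import ipaddress
from dataclasses import dataclass

REDLINE_C2 = "185.215.113.217:19618"   # from the extracted config above


@dataclass(frozen=True)
class C2Hit:
    ts: str
    src: str
    dst: str
    dport: int
    confidence: str   # "high" when IP and port match, "medium" when only the IP matches


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split 'host:port' into a validated IPv4/IPv6 literal and port number."""
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)          # raises ValueError on a malformed host
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in {endpoint!r}")
    return host, port_num


def find_c2_connections(conn_log: str, endpoint: str) -> list[C2Hit]:
    """Scan tab-separated Zeek conn.log lines for TCP traffic to the C2.

    Matches on the destination IP alone so a rehosted panel on another port
    is still surfaced; an exact port match raises the confidence.
    """
    c2_host, c2_port = parse_c2(endpoint)
    hits: list[C2Hit] = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):      # skip Zeek header/comment lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:                        # truncated or foreign record
            continue
        ts, _uid, src, _sport, dst, dport, proto = fields[:7]
        if dst != c2_host or proto != "tcp":       # RedLine talks plain TCP to its panel
            continue
        confidence = "high" if int(dport) == c2_port else "medium"
        hits.append(C2Hit(ts, src, dst, int(dport), confidence))
    return hits


# Constructed sample records in Zeek conn.log column order:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1657036800.1\tCabc1\t10.0.0.5\t51022\t185.215.113.217\t19618\ttcp
1657036801.2\tCabc2\t10.0.0.7\t51023\t93.184.216.34\t443\ttcp
1657036802.3\tCabc3\t10.0.0.9\t51024\t185.215.113.217\t8080\ttcp
1657036803.4\tCabc4\t10.0.0.5\t51025\t185.215.113.217\t19618\tudp
"""

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, REDLINE_C2):
        print(hit)
```

Run against the constructed log, the scan returns two hits: 10.0.0.5 talking to the exact configured port (high) and 10.0.0.9 talking to the same IP on 8080 (medium). The UDP record to the C2 is ignored on purpose, and the auth_value from the config is deliberately not used as a network indicator, since it only appears inside the bot's authentication exchange.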
Targets
-
-
Target
809f720b347e0aa5f58c3a117129a76a19be445d5983892df7089c0e869c07c1
-
Size
5.3MB
-
MD5
b76babadb0dc8806052579b97e45f0ff
-
SHA1
2f7b7e70ac41d942c82976e13abc528788af2ae1
-
SHA256
809f720b347e0aa5f58c3a117129a76a19be445d5983892df7089c0e869c07c1
-
SHA512
98604efeec79122f41c836be03f87166fcc0ea820613e8ea7b8d3bf40093d5dfc67015656532ad193b75f35a83eeff26810e81204eb2b09a1cf0f5749ae9560a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Reads the subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the equivalent WOW6432Node and HKCU paths) to enumerate the software installed on the system, a standard fingerprinting step for stealers, which bundle the installed-software list into the victim profile.
-
Suspicious use of SetThreadContext
Calls SetThreadContext on a thread of another process, typically the suspended primary thread of a freshly created child; this is the step that redirects execution to an injected payload in process hollowing, so the RedLine payload may run inside a legitimately named host process rather than the dropped EXE.
-
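The installed-software check above is the behaviour most easily turned into a host-side detection: a process that is not an installer or inventory agent but reads many Uninstall entries in a short window is worth a look. The following is an added example, not part of the sandbox report, of that detection logic run over a constructed registry-access log. It covers all three locations where Uninstall metadata lives (HKLM, the WOW6432Node view for 32-bit packages on 64-bit Windows, and HKCU for per-user installs), which the report does not enumerate; the log format, the allowlist of expected enumerators and the process name payload.exe are assumptions for the example.

```python
"""Flag processes that enumerate the Uninstall registry keys.

Added example, not part of the sandbox report. Input is a constructed
registry-access log (one event per line: timestamp, process, key path);
a real deployment would feed it from whatever registry auditing you run.
"""
import re
from collections import defaultdict

# Where installed-software metadata lives. The WOW6432Node view holds 32-bit
# packages on 64-bit Windows; HKCU holds per-user installs.
UNINSTALL_ROOTS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)
UNINSTALL_RE = re.compile(
    r"^(?P<root>" + "|".join(re.escape(r) for r in UNINSTALL_ROOTS) + r")\\(?P<sub>[^\\]+)",
    re.IGNORECASE,
)

# Processes expected to walk these keys (assumed allowlist; tune per estate).
EXPECTED_ENUMERATORS = {"msiexec.exe", "wmiprvse.exe", "svchost.exe", "explorer.exe"}


def parse_event(line: str):
    """'ts<TAB>process<TAB>key' -> (ts, process, key), or None for junk lines."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 3:
        return None
    return parts[0], parts[1].lower(), parts[2]


def find_software_enumeration(log: str, min_subkeys: int = 5) -> dict[str, set[str]]:
    """Return {process: subkeys} for every process that touched at least
    min_subkeys distinct Uninstall entries and is not expected to do so."""
    seen: dict[str, set[str]] = defaultdict(set)
    for line in log.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        _ts, proc, key = ev
        m = UNINSTALL_RE.match(key)
        if m:
            seen[proc].add(m.group("sub").lower())   # case-insensitive, like the registry
    return {
        proc: subs for proc, subs in seen.items()
        if len(subs) >= min_subkeys and proc not in EXPECTED_ENUMERATORS
    }


# Constructed log. payload.exe (hypothetical name for the dropped RedLine
# payload) walks six entries across all three roots; msiexec reads five but is
# allowlisted; notepad touches an unrelated key; the last line is malformed.
SAMPLE_LOG = "\n".join([
    "1657036800.0\tpayload.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1657036800.1\tpayload.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "1657036800.2\tpayload.exe\tHKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    "1657036800.3\tpayload.exe\tHKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox",
    "1657036800.4\tpayload.exe\tHKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Discord",
    "1657036800.5\tpayload.exe\thklm\\software\\microsoft\\windows\\currentversion\\uninstall\\VLC media player",
    "1657036801.0\tmsiexec.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "1657036801.1\tmsiexec.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome",
    "1657036801.2\tmsiexec.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    "1657036801.3\tmsiexec.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox",
    "1657036801.4\tmsiexec.exe\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Discord",
    "1657036802.0\tnotepad.exe\tHKCU\\SOFTWARE\\Microsoft\\Notepad",
    "garbage line",
])

if __name__ == "__main__":
    for proc, subs in find_software_enumeration(SAMPLE_LOG).items():
        print(f"{proc}: {len(subs)} Uninstall entries read: {sorted(subs)}")
```

The threshold of five distinct entries is a starting point, not a tuned value: raise it if your registry auditing also sees inventory agents that are not in the allowlist, and pair the hit with the other behaviours in this report (a dropped EXE, SetThreadContext into another process, wallet file access) before treating it as a stealer on its own.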