General
Target: 179eeb37a33fc6f628e4cf326d625e8c.exe
Size: 451KB
Sample: 220705-t63q9acha2
MD5: 179eeb37a33fc6f628e4cf326d625e8c
SHA1: d00f0cbc0d179cb101c6c213c5d89ead0f3a8bdf
SHA256: 66ced17e8f99394602c467b64fbfe7a5d7edd48bf4557f73ee27a3a8cf9955c8
SHA512: 70b3597c8889ee45b26693a4c9b9a9e79e9954fb375e12422a02e3a1df7d4ec4c4b2d521223ebdb0e09f741f91ded3ded667bcb4edf5a7013cec3a9edd3492a9
Static task: static1
Behavioral task: behavioral1
Sample: 179eeb37a33fc6f628e4cf326d625e8c.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
Osman Lox
159.69.32.75:31373
auth_value: 9eb053388b7159dab7a9c0cba82ef776
Targets
Target: 179eeb37a33fc6f628e4cf326d625e8c.exe
Size: 451KB
MD5: 179eeb37a33fc6f628e4cf326d625e8c
SHA1: d00f0cbc0d179cb101c6c213c5d89ead0f3a8bdf
SHA256: 66ced17e8f99394602c467b64fbfe7a5d7edd48bf4557f73ee27a3a8cf9955c8
SHA512: 70b3597c8889ee45b26693a4c9b9a9e79e9954fb375e12422a02e3a1df7d4ec4c4b2d521223ebdb0e09f741f91ded3ded667bcb4edf5a7013cec3a9edd3492a9

Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext