General

Target: SecuriteInfo.com.Variant.Ursu.588815.10992.20911
Size: 525KB
Sample: 220706-lzje2abdem
MD5: 15f43d61bee241657b1ad10d6aa11e57
SHA1: 83e96ecb233bd270b4f002c55aa28e92306650ef
SHA256: 538e65ae9a73e15bd98c8fd0b5ecce5aaecdeb5e36a12a416a56a78c3cfbb3c8
SHA512: 0e8a516e1439ec1a871d2afba0140a38f2ac8f4f13ad2283d334edf01537aa147023abf81957118b347c7634a05651fb26177e634ba8882d79c35754cfac9e5a
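Before relying on this report for a file you hold, confirm that the file really is the reported sample by recomputing all four digests and comparing them with the values above. The following script is an added example, not part of the sandbox report; the REPORT_HASHES values are copied from the page, and the file path on the command line is whatever you have on disk.

```python
import hashlib
from typing import Dict, List

# Digests as listed in the report above for this sample.
REPORT_HASHES: Dict[str, str] = {
    "md5": "15f43d61bee241657b1ad10d6aa11e57",
    "sha1": "83e96ecb233bd270b4f002c55aa28e92306650ef",
    "sha256": "538e65ae9a73e15bd98c8fd0b5ecce5aaecdeb5e36a12a416a56a78c3cfbb3c8",
    "sha512": "0e8a516e1439ec1a871d2afba0140a38f2ac8f4f13ad2283d334edf01537aa147023abf81957118b347c7634a05651fb26177e634ba8882d79c35754cfac9e5a",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests of an in-memory buffer for every algorithm in the report."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hash objects in one pass (samples can be large)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(actual: Dict[str, str], expected: Dict[str, str]) -> List[str]:
    """Names (sorted) of the algorithms whose digest differs from the report.

    Hex case is ignored because tools differ in whether they print upper or lower case;
    an algorithm missing from `actual` counts as a mismatch rather than a pass.
    """
    return sorted(
        name for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    )


if __name__ == "__main__":
    import sys

    bad = compare_to_report(digest_file(sys.argv[1]), REPORT_HASHES)
    if bad:
        print("MISMATCH on: " + ", ".join(bad))
    else:
        print("MATCH: file is the sample described in this report")
```

Run it as `python verify_sample.py <path-to-file>`. A mismatch on one algorithm only would be very unusual and usually means a copy error in one of the listed hashes, so check each algorithm separately rather than stopping at the first difference.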
Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Variant.Ursu.588815.10992.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Variant.Ursu.588815.10992.exe
Resource: win10v2004-20220414-en
Malware Config (extracted)

Family: redline
Botnet: wizzy
C2: 107.182.128.57:48273
Targets

Target: SecuriteInfo.com.Variant.Ursu.588815.10992.20911 (525KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Suspicious use of SetThreadContext
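Two of the facts on this page translate directly into host telemetry checks: the C2 endpoint from the extracted config (107.182.128.57:48273) and the "Uses the VBS compiler for execution" signature, which shows up as vbc.exe being started by something that is not a build tool. The script below is an added example, not part of the report or of any detection product; it reads Sysmon-style JSON-lines events (EventID 1 process creation, EventID 3 network connection). The set of legitimate vbc.exe parents and the sample events are constructed assumptions, not data from the report.

```python
import json
from typing import Dict, Iterable, List, Tuple

# C2 endpoint from the extracted RedLine config on this page (botnet "wizzy").
REDLINE_C2: Tuple[str, int] = ("107.182.128.57", 48273)

# Assumption (not from the report): parents that legitimately launch vbc.exe
# during a build. vbc.exe started by anything else is flagged, matching the
# "Uses the VBS compiler for execution" signature.
LEGIT_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe", "vbcscompiler.exe"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_event(ev: Dict) -> List[str]:
    """Return alert strings for one Sysmon-style event dict (EventID 1 = process
    create, EventID 3 = network connection); an empty list when nothing matches."""
    alerts: List[str] = []
    eid = ev.get("EventID")
    if eid == 3:
        dest = (ev.get("DestinationIp", ""), int(ev.get("DestinationPort", 0)))
        if dest == REDLINE_C2:
            alerts.append(f"redline_c2_connection from {basename(ev.get('Image', ''))}")
    elif eid == 1:
        image = basename(ev.get("Image", ""))
        parent = basename(ev.get("ParentImage", ""))
        if image == "vbc.exe" and parent not in LEGIT_VBC_PARENTS:
            alerts.append(f"vbc.exe spawned by {parent or 'unknown'}")
    return alerts


def scan(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Scan JSON-lines events and return (line_number, alert) pairs.
    Lines that are not JSON objects are skipped so one bad record does not abort the scan."""
    hits: List[Tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(ev, dict):
            continue
        for alert in check_event(ev):
            hits.append((n, alert))
    return hits


# Constructed sample telemetry (not real logs): one JSON object per line.
SAMPLE = r"C:\Users\victim\Downloads\SecuriteInfo.com.Variant.Ursu.588815.10992.exe"
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_EVENTS: List[str] = [json.dumps(e) for e in (
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": VBC, "ParentImage": SAMPLE},
    {"EventID": 3, "Image": VBC, "DestinationIp": "107.182.128.57", "DestinationPort": "48273"},
    {"EventID": 3, "Image": r"C:\Program Files\Browser\browser.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "Image": VBC, "ParentImage": r"C:\Program Files\MSBuild\MSBuild.exe"},
)] + ["{not valid json"]

if __name__ == "__main__":
    for line_no, alert in scan(SAMPLE_EVENTS):
        print(f"line {line_no}: {alert}")
```

The C2 match is exact on IP and port because that is all the config gives; if you only have flow data without ports, widen it to the IP alone and accept more noise. The vbc.exe rule is a heuristic: a developer workstation with an unusual build setup will trip it, so tune LEGIT_VBC_PARENTS to your environment rather than treating every hit as a RedLine infection.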