General
- Target: 7feb667ac9fdac797ad2e148c84f086e
- Size: 682KB
- Sample: 220721-halx3sdch4
- MD5: 7feb667ac9fdac797ad2e148c84f086e
- SHA1: e386d2533ba09e39371281ef5bf008ac46b675ae
- SHA256: a3dab5e89517feaba18c29575d32c353518c326dc3acb4bebc7e43081cfeccc0
- SHA512: 6647e7a422bc470758dfb48c716023d3df75ba64a5bc2da8cc50965b6a095f28ec79849eccc633d717df3eab9a8326d687a210d3cb2dd4087a89c05243c5c4c6
Static task: static1
Behavioral task: behavioral1
- Sample: 7feb667ac9fdac797ad2e148c84f086e.exe
- Resource: win7-20220718-en
Behavioral task: behavioral2
- Sample: 7feb667ac9fdac797ad2e148c84f086e.exe
- Resource: win10v2004-20220718-en
Malware Config
Extracted: redline
- Botnet: TORRENTOLD
- C2: amrican-sport-live-stream.cc:4581
- auth_value: 74e1b58bf920611f04c0e3919954fe05
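As an added example (not part of this report), the following Python script turns the report's indicators into the two checks an analyst usually runs first: confirm that a local file is this exact sample on all four digests from General, and hunt for the extracted C2 host and port from Malware Config in proxy and DNS logs. The sample bytes and the log lines are constructed for illustration, and the Squid-style and dnsmasq-style log formats are assumptions about the reader's environment, not data from the report.

```python
"""IOC checks built from the report's General and Malware Config sections.

Added example, not part of the sandbox report. The sample bytes and the log
lines below are constructed for illustration only."""
import hashlib
import re
from pathlib import Path

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "7feb667ac9fdac797ad2e148c84f086e",
    "sha1": "e386d2533ba09e39371281ef5bf008ac46b675ae",
    "sha256": "a3dab5e89517feaba18c29575d32c353518c326dc3acb4bebc7e43081cfeccc0",
    "sha512": (
        "6647e7a422bc470758dfb48c716023d3df75ba64a5bc2da8cc50965b6a095f28"
        "ec79849eccc633d717df3eab9a8326d687a210d3cb2dd4087a89c05243c5c4c6"
    ),
}

# Extracted RedLine C2 from the report's Malware Config section.
C2_HOST = "amrican-sport-live-stream.cc"
C2_PORT = 4581


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes) -> tuple:
    """Return (is_same_sample, names_of_mismatching_digests).

    All four digests must agree. MD5 collisions are practical, so an MD5
    match on its own is not proof that a file is the analysed sample."""
    computed = hash_bytes(data)
    mismatched = [name for name, want in REPORT_HASHES.items() if computed[name] != want]
    return (not mismatched, mismatched)


def check_file(path) -> tuple:
    """Hash a file on disk and compare it with the report."""
    return matches_report(Path(path).read_bytes())


# The bare host catches DNS resolution; host:port catches the proxy CONNECT.
# Word boundaries stop "notamrican-..." from matching while still catching
# subdomains of the C2 host.
C2_PATTERN = re.compile(rf"\b{re.escape(C2_HOST)}(?::{C2_PORT})?\b", re.IGNORECASE)


def find_c2_hits(log_lines) -> list:
    """Return (line_number, line) for every line that references the C2."""
    return [(n, line) for n, line in enumerate(log_lines, start=1) if C2_PATTERN.search(line)]


# Constructed log lines (Squid-style access log and dnsmasq-style query log);
# the formats and addresses are assumptions, not data from the report.
SAMPLE_LOGS = [
    "1658404801.123 45 10.0.0.7 TCP_TUNNEL/200 2210 CONNECT amrican-sport-live-stream.cc:4581 - HIER_DIRECT/203.0.113.10 -",
    "1658404802.456 12 10.0.0.8 TCP_MISS/200 512 GET http://www.example.com/ - HIER_DIRECT/198.51.100.5 text/html",
    "Jul 21 12:00:03 dnsmasq[812]: query[A] amrican-sport-live-stream.cc from 10.0.0.7",
    "Jul 21 12:00:04 dnsmasq[812]: query[A] sport-live-stream.cc from 10.0.0.9",
]


if __name__ == "__main__":
    same, bad = matches_report(b"constructed stand-in, not the real sample")
    print("same sample:", same, "mismatched:", bad)
    for n, line in find_c2_hits(SAMPLE_LOGS):
        print(f"C2 hit on log line {n}: {line}")
```

Run it against a real file with `check_file("path/to/sample.exe")`; only a result of `(True, [])` means the file is the sample this report describes. The fourth constructed log line (a different host that merely ends in `sport-live-stream.cc`) is there to show that the anchored pattern does not produce a false hit on it.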
Targets
- Target: 7feb667ac9fdac797ad2e148c84f086e (682KB; hashes as listed under General)
- RedLine
  RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. The botnet tag, C2 host:port and auth_value shown under Malware Config are its standard extracted configuration.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate the software installed on the system.
- Suspicious use of SetThreadContext
  Setting the context of another thread, typically one created suspended, is a common step in process hollowing and similar injection techniques, where it redirects execution to an attacker-chosen entry point.