General

Target: RFQ-PO#.220376-TU-301-S-SW012-Y15(D).exe
Size: 252KB
Sample: 220804-j54xtadggm
MD5: 0de6ac525f11b4fdda87518ac3aef2b8
SHA1: 5a49d853968d6230cabf1d0cf4c9c1c1c438a431
SHA256: 5bb4ec26c98f014ab8710453929f8342245a6465b51ee40f5e95bf417e918dd4
SHA512: 0c9ef0b6478fd3058aef41e320a26fd0dcbafc6e7c0f3386f9294d00b131136b9e2a110631f5291b5a39f916af0a9a08cc3449348a83f866da69c454e18b5bf2
Static task: static1
Behavioral task: behavioral1
Sample: RFQ-PO#.220376-TU-301-S-SW012-Y15(D).exe
Resource: win7-20220718-en
Malware Config

Extracted
Family: redline
Botnet: FireFox
C2: 195.178.120.19:24150
Targets

Target: RFQ-PO#.220376-TU-301-S-SW012-Y15(D).exe
Size: 252KB
MD5: 0de6ac525f11b4fdda87518ac3aef2b8
SHA1: 5a49d853968d6230cabf1d0cf4c9c1c1c438a431
SHA256: 5bb4ec26c98f014ab8710453929f8342245a6465b51ee40f5e95bf417e918dd4
SHA512: 0c9ef0b6478fd3058aef41e320a26fd0dcbafc6e7c0f3386f9294d00b131136b9e2a110631f5291b5a39f916af0a9a08cc3449348a83f866da69c454e18b5bf2
Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Drops startup file

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext
Calling SetThreadContext on a thread in another process is the step in process hollowing and similar injection where a loader points a suspended thread at injected code. The report does not name the target process.
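The indicators this report exposes (the sample's hashes, the extracted RedLine C2 in Malware Config, and the "Drops startup file" signature) are the pieces a responder turns into a hunt. The script below is an added example, not part of the sandbox report and not RedLine's own code: it checks file contents against the sample's hashes, walks Startup folders for the dropped file, and pulls connections to the C2 out of a generic "src:port -> dst:port" connection log. The log lines and file bytes in it are constructed for the demo; the Startup folder paths in the docstring are an assumption about a typical Windows profile.

```python
"""
Added example, not part of the sandbox report: an offline hunting helper built
from the indicators the report exposes. The connection log lines and the file
contents below are constructed for the demo; only the hash values and the C2
address come from the report.
"""
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List

# Indicators taken from the report.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "0de6ac525f11b4fdda87518ac3aef2b8",
    "sha1": "5a49d853968d6230cabf1d0cf4c9c1c1c438a431",
    "sha256": "5bb4ec26c98f014ab8710453929f8342245a6465b51ee40f5e95bf417e918dd4",
}
C2_HOST = "195.178.120.19"
C2_PORT = 24150


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of a byte string, keyed like SAMPLE_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matching_algorithms(found: Dict[str, str]) -> List[str]:
    """Which of the report's hashes a set of computed digests matches.
    Comparison is case-insensitive because tools print hex in either case."""
    return sorted(
        algo for algo, value in found.items()
        if algo in SAMPLE_HASHES and value.lower() == SAMPLE_HASHES[algo]
    )


def scan_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Hash each name -> bytes entry and return the names that hit the sample.
    Takes bytes rather than paths so it runs offline; scan_startup_dirs()
    feeds it real files."""
    hits: Dict[str, List[str]] = {}
    for name, data in files.items():
        matched = matching_algorithms(digests(data))
        if matched:
            hits[name] = matched
    return hits


def scan_startup_dirs(roots: Iterable[Path]) -> Dict[str, List[str]]:
    """Hash every regular file under the given Startup folders (the location
    the "Drops startup file" signature points at) and check it against the
    sample. Typical roots on a live host (assumption, adjust per profile):
      %APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
      %ProgramData%\\Microsoft\\Windows\\Start Menu\\Programs\\Startup
    """
    files: Dict[str, bytes] = {}
    for root in roots:
        for path in Path(root).rglob("*"):
            if path.is_file():
                files[str(path)] = path.read_bytes()
    return scan_files(files)


# Generic "src:port -> dst:port" connection record, as a firewall or Zeek
# summary might print it (format is an assumption for the demo).
CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
)


def find_c2_connections(lines: Iterable[str], require_port: bool = True) -> List[str]:
    """Return the source IPs that tried to reach the C2, in log order.
    With require_port=True only the exact host:port from the config counts;
    with require_port=False any connection to the C2 host counts, the looser
    net when the operator may have moved ports. Denied attempts still count:
    a blocked beacon still identifies an infected host."""
    sources: List[str] = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        if require_port and int(m.group("port")) != C2_PORT:
            continue
        sources.append(m.group("src"))
    return sources


# Constructed log lines for the demo (not from the report or any real network).
DEMO_LOG = [
    "2022-08-04T09:54:01Z ALLOW tcp 10.0.0.25:49832 -> 195.178.120.19:24150",
    "2022-08-04T09:54:02Z ALLOW tcp 10.0.0.25:49833 -> 142.250.74.78:443",
    "2022-08-04T09:55:10Z ALLOW tcp 10.0.0.31:51000 -> 195.178.120.19:443",
    "2022-08-04T09:56:00Z DENY  udp 10.0.0.40:53211 -> 195.178.120.19:24150",
]

if __name__ == "__main__":
    print("exact C2 hits:", find_c2_connections(DEMO_LOG))
    print("any-port hits:", find_c2_connections(DEMO_LOG, require_port=False))
    # Constructed file contents; nothing here is the real sample, so no hit.
    print("hash hits:", scan_files({"demo.exe": b"MZ\x90\x00 not the sample"}))
```

On a live host, call scan_startup_dirs() with the per-user and all-users Startup folders; on the network side, feed find_c2_connections() the firewall or proxy export for the day of the sandbox run and start with the exact host:port, widening to the host only if that comes back empty.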