General
Target: da48cb12d5b8a42c301e6b3d01600f5b682c818e737f949b8f2254e1a7f0ed8a
Size: 1.1MB
Sample: 220810-re3aasbbdm
MD5: 9b7140f6c89d588f08ab486a194b651f
SHA1: 082d87ac950990e2295f0b09c68387359b2c5519
SHA256: da48cb12d5b8a42c301e6b3d01600f5b682c818e737f949b8f2254e1a7f0ed8a
SHA512: 7c2a2cb64d8d903a08288b43634ab7492ffb8de38afbcfacdc70982dfa23f8078997ffce98e55564f60f63d96d209e29577eded830b5a9cd8353834d3e74cfda
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: top1
C2: pemararslava.xyz:80
auth_value: e3ff30d1ffe0ffdb11211b351a0179a1
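An IOC matcher built from the hashes and the extracted C2 above, as an added example that is not part of the sandbox output. The indicators are copied from this report; the log line format (space-separated `key=value` fields with `query=`, `host=` and `dst=`), the log lines themselves and the bytes fed to the hash check are constructed for illustration. Matching is done on the host field as an exact name or subdomain rather than a substring, so a look-alike such as `notpemararslava.xyz` does not fire; port 80 alone is not treated as an indicator because it carries no signal by itself.

```python
"""IOC matcher for the RedLine sample in this report (added example, not
part of the sandbox output). Indicators are copied from the report; the
log format and log lines below are constructed for illustration."""
import hashlib
import re
from typing import Dict, List, Tuple

# File hashes from the report's General section.
SAMPLE_HASHES = {
    "md5": "9b7140f6c89d588f08ab486a194b651f",
    "sha1": "082d87ac950990e2295f0b09c68387359b2c5519",
    "sha256": "da48cb12d5b8a42c301e6b3d01600f5b682c818e737f949b8f2254e1a7f0ed8a",
    "sha512": "7c2a2cb64d8d903a08288b43634ab7492ffb8de38afbcfacdc70982dfa23f807"
              "8997ffce98e55564f60f63d96d209e29577eded830b5a9cd8353834d3e74cfda",
}
# Extracted RedLine config from the report's Malware Config section.
C2 = "pemararslava.xyz:80"
AUTH_VALUE = "e3ff30d1ffe0ffdb11211b351a0179a1"


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split a sandbox-style 'host:port' C2 string into (host, port)."""
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {c2!r}")
    return host.lower(), int(port)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest type the report lists, so a local file can be
    compared against all of them rather than MD5 alone."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report. A partial match
    cannot happen for a genuine copy of the file, so it is raised as an
    inconsistency in the indicator list rather than silently accepted."""
    digests = hash_bytes(data)
    agree = [digests[a] == SAMPLE_HASHES[a] for a in SAMPLE_HASHES]
    if any(agree) and not all(agree):
        raise RuntimeError("hash set only partially matches: check the indicator list")
    return all(agree)


# Assumed log format: space-separated key=value fields. Only the name-carrying
# fields are inspected; the port is not used as an indicator on its own.
_HOST_FIELD = re.compile(r"\b(?:query|host|sni)=([A-Za-z0-9.-]+)")


def c2_hits(lines: List[str], c2: str = C2) -> List[str]:
    """Return the log lines whose DNS query / HTTP host / SNI name is the C2
    host or one of its subdomains. Exact-label matching avoids firing on
    look-alike names that merely contain the C2 host as a substring."""
    host, _port = parse_c2(c2)
    hits = []
    for line in lines:
        names = {n.lower() for n in _HOST_FIELD.findall(line)}
        if any(n == host or n.endswith("." + host) for n in names):
            hits.append(line)
    return hits


# Constructed log lines, not taken from the sandbox run.
CONSTRUCTED_LOGS = [
    "2022-08-10T13:05:11Z dns src=10.0.0.15 query=pemararslava.xyz type=A",
    "2022-08-10T13:05:12Z conn src=10.0.0.15 dst=198.51.100.7:80 host=pemararslava.xyz",
    "2022-08-10T13:05:13Z dns src=10.0.0.16 query=update.example.org type=A",
    "2022-08-10T13:05:14Z conn src=10.0.0.16 dst=203.0.113.4:443 host=notpemararslava.xyz",
    "2022-08-10T13:05:15Z dns src=10.0.0.17 query=cdn.pemararslava.xyz type=A",
]

if __name__ == "__main__":
    # Constructed bytes standing in for a file under review; a real run would
    # read the candidate sample from disk.
    print("matches report:", matches_sample(b"not the sample"))
    for hit in c2_hits(CONSTRUCTED_LOGS):
        print("C2 hit:", hit)
```

To use it on a real file, replace the constructed bytes with the file contents and treat a `matches_sample` result of True as confirmation that the file is this exact sample; the `auth_value` is kept alongside the C2 because RedLine clients present it to the panel, which makes it useful for clustering configs from other samples that share the same operator.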
Targets
Target: da48cb12d5b8a42c301e6b3d01600f5b682c818e737f949b8f2254e1a7f0ed8a (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node and HKCU counterparts) to enumerate software on the system.
Suspicious use of SetThreadContext: SetThreadContext rewrites the register state of a (typically suspended) thread. Legitimate use outside debuggers is rare, and it is a standard step in process hollowing and thread-hijacking injection, so the unpacked RedLine payload may execute in a process other than the one created from this file.