General
-
Target
baab4292bc0a3a1993ad26c7e268783c.exe
-
Size
353KB
-
Sample
210421-exckr11fke
-
MD5
baab4292bc0a3a1993ad26c7e268783c
-
SHA1
061d5716ece0544005845d06544b2707238bea64
-
SHA256
c0dc7d159998d5d56de5e562cf751e2418a6f23b1c2be5f1b74d0d3590bb2d98
-
SHA512
416344bf2a4a02cd795a3ce4c48edc4ec6a31480b8b61e628dd790bfecc47373be9d79b5958b59692e3404daefe4ffb4fa1b000be6567bffb53b787b64a089f3
Static task
static1
Behavioral task
behavioral1
Sample
baab4292bc0a3a1993ad26c7e268783c.exe
Resource
win7v20210410
Malware Config
Extracted
redline
118
bumblebee2021.store:80
trusmileveneers.store:80
lazerprojekt.store:80
Targets
-
-
Target
baab4292bc0a3a1993ad26c7e268783c.exe
-
Size
353KB
-
MD5
baab4292bc0a3a1993ad26c7e268783c
-
SHA1
061d5716ece0544005845d06544b2707238bea64
-
SHA256
c0dc7d159998d5d56de5e562cf751e2418a6f23b1c2be5f1b74d0d3590bb2d98
-
SHA512
416344bf2a4a02cd795a3ce4c48edc4ec6a31480b8b61e628dd790bfecc47373be9d79b5958b59692e3404daefe4ffb4fa1b000be6567bffb53b787b64a089f3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-