General
Target: df4b40ac854ceef5992b98fa1f733532.exe
Size: 264KB
Sample: 210731-mhybp55ekj
MD5: df4b40ac854ceef5992b98fa1f733532
SHA1: 783a0508e0596e711929da174926b32aaee16ad2
SHA256: 0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668
SHA512: f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da
Static task: static1
Behavioral task: behavioral1
Sample: df4b40ac854ceef5992b98fa1f733532.exe
Resource: win7v20210410
Malware Config
Extracted
redline
3
213.166.68.170:16810
Targets
Target: df4b40ac854ceef5992b98fa1f733532.exe
Size: 264KB
MD5: df4b40ac854ceef5992b98fa1f733532
SHA1: 783a0508e0596e711929da174926b32aaee16ad2
SHA256: 0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668
SHA512: f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da
Signatures
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Downloads MZ/PE file
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.