General
Target: 13572ac4e7c7e18d60d9590ccef66950
Size: 40KB
Sample: 210804-4a656hefts
MD5: 13572ac4e7c7e18d60d9590ccef66950
SHA1: a3f50640b0b4fc5985f621f17b5d6f05d58ef13a
SHA256: ddb3ea989aeba953c5e62ab710371b75bd78eaee4dff5facf08ef65cd07e9bdf
SHA512: 9fd4e6a375507b6498a1948ad048ea2a54c59454a8f0cd8d80efa717ab09220a3045398207eca8b293b129c03ae810501fc760bce6b5324486c3e68abae99353

Static task: static1

Behavioral task: behavioral1
Sample: 13572ac4e7c7e18d60d9590ccef66950.exe
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 13572ac4e7c7e18d60d9590ccef66950.exe
Resource: win10v20210408

Malware Config
Extracted
redline
forinstalls
77.220.213.35:52349

Targets
Target: 13572ac4e7c7e18d60d9590ccef66950
Size: 40KB
MD5: 13572ac4e7c7e18d60d9590ccef66950
SHA1: a3f50640b0b4fc5985f621f17b5d6f05d58ef13a
SHA256: ddb3ea989aeba953c5e62ab710371b75bd78eaee4dff5facf08ef65cd07e9bdf
SHA512: 9fd4e6a375507b6498a1948ad048ea2a54c59454a8f0cd8d80efa717ab09220a3045398207eca8b293b129c03ae810501fc760bce6b5324486c3e68abae99353

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.