General
-
Target
b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f
-
Size
163KB
-
Sample
210821-28qbhl252j
-
MD5
ec3921304077e2ac56d2f5060adab3d5
-
SHA1
923cf378ec34c6d660f88c7916c083bedb9378aa
-
SHA256
b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f
-
SHA512
3796aab3dd9822ba41b57ef009166e4f99adab87cf279f9d86d4d7f227128da8faf2da7290e84ebffc11f1e8d17dfd0d8db9c2691e7fc08a93a02f748e293d28
Static task
static1
Behavioral task
behavioral1
Sample
b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f.exe
Resource
win10v20210410
Malware Config
Extracted
redline
3
deyrolorme.xyz:80
xariebelal.xyz:80
anihelardd.xyz:80
Targets
-
-
Target
b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f
-
Size
163KB
-
MD5
ec3921304077e2ac56d2f5060adab3d5
-
SHA1
923cf378ec34c6d660f88c7916c083bedb9378aa
-
SHA256
b8f88d0b48fbf8c1eac3d72272ddc48c723cbf8ba0527fdf42ad20cc5724ab9f
-
SHA512
3796aab3dd9822ba41b57ef009166e4f99adab87cf279f9d86d4d7f227128da8faf2da7290e84ebffc11f1e8d17dfd0d8db9c2691e7fc08a93a02f748e293d28
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-