General
Target: e16f915796d4762014fc3864d4444ac3
Size: 449KB
Sample: 210823-sxww8tad2n
MD5: e16f915796d4762014fc3864d4444ac3
SHA1: 819364784cf0d3fe440b6c9a3950de7fa093e805
SHA256: 65dee75f5d4f0d7e0c1065a689ebe79f67c87a4d3d9654193164128e859a0ddd
SHA512: 1c3721ebe22c1e9b9b5f51926d9e1bd1d26fca9b57f25161afefdeca9bdb3a1551fb4931fdbbe16df59c43c8a4eaa2131ab508a97a39cd6ddaf04003d9adca2a
Static task: static1
Behavioral task: behavioral1
Sample: e16f915796d4762014fc3864d4444ac3.exe
Resource: win7v20210408
Malware Config
Extracted family: redline
Botnet ID: @soul3ss
C2: 188.130.139.12:30376
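The hashes and the extracted C2 above are the indicators a responder would sweep an estate for. The following is an added example, not part of the Triage report and not code from the RedLine operators: it matches those indicators against constructed, Sysmon-style endpoint events (Event ID 1 process-create lines carrying a Hashes field, Event ID 3 network-connection lines), then correlates per process so that a hash hit plus a connection to 188.130.139.12:30376 is reported as a confirmed infection rather than two loose alerts. The key=value event format, the hostnames, PIDs and the benign hashes are assumptions made up for the example; only the indicator values come from the report.

```python
"""Added example (not from the Triage report): sweep constructed Sysmon-style
events for this RedLine sample's file hashes and extracted C2, then correlate
hits per process. Field names mirror Sysmon Event ID 1 / Event ID 3; the
event lines themselves are constructed for the example."""
import re
from dataclasses import dataclass

# Indicators copied from the report above.
REDLINE_IOCS = {
    "md5": "e16f915796d4762014fc3864d4444ac3",
    "sha1": "819364784cf0d3fe440b6c9a3950de7fa093e805",
    "sha256": "65dee75f5d4f0d7e0c1065a689ebe79f67c87a4d3d9654193164128e859a0ddd",
    "c2_ip": "188.130.139.12",
    "c2_port": 30376,
}

C2_EXACT = "connection to the extracted RedLine C2"
C2_HOST_ONLY = "connection to the RedLine C2 host on another port"

# Constructed telemetry: one event per line as key=value pairs. PIDs, paths
# and the all-zero hashes are made up; Sysmon emits hashes in uppercase, so
# the first line does too, to show the normalisation below is needed.
SAMPLE_EVENTS = """\
EventID=1 Image=C:\\Users\\user\\Downloads\\e16f915796d4762014fc3864d4444ac3.exe ProcessId=4120 Hashes=MD5=E16F915796D4762014FC3864D4444AC3,SHA256=65DEE75F5D4F0D7E0C1065A689EBE79F67C87A4D3D9654193164128E859A0DDD
EventID=3 Image=C:\\Users\\user\\Downloads\\e16f915796d4762014fc3864d4444ac3.exe ProcessId=4120 DestinationIp=188.130.139.12 DestinationPort=30376 Protocol=tcp
EventID=1 Image=C:\\Windows\\System32\\notepad.exe ProcessId=4200 Hashes=MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000
EventID=3 Image=C:\\Windows\\System32\\svchost.exe ProcessId=900 DestinationIp=188.130.139.12 DestinationPort=443 Protocol=tcp
EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe ProcessId=3000 DestinationIp=93.184.216.34 DestinationPort=443 Protocol=tcp
"""


@dataclass(frozen=True)
class Hit:
    event_id: str
    process_id: str
    image: str
    reasons: tuple


# A value runs until the next " key=" token or end of line, so paths with
# spaces ("Program Files") survive.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line):
    """Split one 'k=v k=v ...' event line into a dict."""
    return dict(FIELD_RE.findall(line))


def parse_hashes(field):
    """Sysmon's Hashes field is 'MD5=...,SHA256=...'; return lowercase values."""
    out = {}
    for part in field.split(","):
        algo, sep, value = part.partition("=")
        if sep:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(event, iocs=REDLINE_IOCS):
    """Return a Hit when the event touches one of the report's indicators."""
    reasons = []
    if event.get("EventID") == "1":
        hashes = parse_hashes(event.get("Hashes", ""))
        for algo in ("md5", "sha1", "sha256"):
            if hashes.get(algo) == iocs[algo]:
                reasons.append(f"{algo} matches the RedLine sample")
    elif event.get("EventID") == "3" and event.get("DestinationIp") == iocs["c2_ip"]:
        # Same host on a different port is lower confidence but still worth a look.
        exact = event.get("DestinationPort") == str(iocs["c2_port"])
        reasons.append(C2_EXACT if exact else C2_HOST_ONLY)
    if not reasons:
        return None
    return Hit(event.get("EventID", ""), event.get("ProcessId", ""),
               event.get("Image", ""), tuple(reasons))


def scan(events_text, iocs=REDLINE_IOCS):
    """Run match_event over every non-empty line, preserving event order."""
    hits = []
    for line in events_text.splitlines():
        if line.strip():
            hit = match_event(parse_event(line), iocs)
            if hit:
                hits.append(hit)
    return hits


def confirmed_infections(hits):
    """PIDs whose image hash matched AND which reached the C2 on the extracted port."""
    by_hash = {h.process_id for h in hits if h.event_id == "1"}
    by_c2 = {h.process_id for h in hits if h.event_id == "3" and C2_EXACT in h.reasons}
    return by_hash & by_c2


if __name__ == "__main__":
    all_hits = scan(SAMPLE_EVENTS)
    for hit in all_hits:
        print(f"pid {hit.process_id:>5} {hit.image}: {'; '.join(hit.reasons)}")
    print("confirmed infections:", sorted(confirmed_infections(all_hits)))
```

Hash matching is the weakest of these checks, since any repack of the stager changes every hash, while the C2 address and port tend to live longer across builds using the same botnet ID; treat the svchost.exe hit (same host, port 443) as a lead to triage, not as a confirmed infection.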
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and per-user HKCU equivalents) to enumerate the software installed on the host.