General
Target: d130a390b27412c41821d456c959fd28014b856548586e2cec7eb9c5a5c918fa
Size: 243KB
Sample: 210926-trwdmafbc7
MD5: d435debfb185e602fade8099bd6f0e5c
SHA1: 729883825dae1dbef0faf6cbcf461ffb6c0243ff
SHA256: d130a390b27412c41821d456c959fd28014b856548586e2cec7eb9c5a5c918fa
SHA512: a1d1cbbb52ca8632ff16dd152740272ff743180b14270944c7548352451eec659c1944826440aa0fb97e98eca8a0d996be6a5a46ec7ad2c28098419d1618167b

Static task
static1

Malware Config
Extracted
Family: redline
Botnet: UTS
C2: 45.9.20.20:13441
Targets
Target: d130a390b27412c41821d456c959fd28014b856548586e2cec7eb9c5a5c918fa (243KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU counterpart) to enumerate software on the system.
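The following is an added example, not part of the sandbox report and not RedLine's own code: a small Python script that takes the report's four file hashes and the extracted C2 endpoint (45.9.20.20:13441) and checks them against a file on disk and against log lines. The entries in SAMPLE_LOGS are constructed for the example, not taken from the sandbox run, and the helper names (hash_bytes, hash_file, matches_report, find_c2_hits) are this example's own.

```python
"""Check a host and its logs against the indicators in this Triage report."""
import hashlib
import re
import sys

# Indicators copied from the report's General section.
IOC_HASHES = {
    "md5": "d435debfb185e602fade8099bd6f0e5c",
    "sha1": "729883825dae1dbef0faf6cbcf461ffb6c0243ff",
    "sha256": "d130a390b27412c41821d456c959fd28014b856548586e2cec7eb9c5a5c918fa",
    "sha512": (
        "a1d1cbbb52ca8632ff16dd152740272ff743180b14270944c7548352451eec65"
        "9c1944826440aa0fb97e98eca8a0d996be6a5a46ec7ad2c28098419d1618167b"
    ),
}
C2_HOST, C2_PORT = "45.9.20.20", 13441

# Match the C2 as "45.9.20.20:13441" or as the bare IP (many proxies log the
# port in a separate field). The lookarounds stop 145.9.20.20, 45.9.20.201 and
# 45.9.20.20.7 from matching while still allowing a trailing sentence period.
C2_RE = re.compile(
    rf"(?<!\d)(?<!\d\.){re.escape(C2_HOST)}(?!\.?\d)(?::{C2_PORT}\b)?"
)


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file once through all four hashers (samples may be large)."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True only if every listed digest equals the report's value.

    One mismatch means a different file; comparing all four also protects
    against a transcription error in any single indicator.
    """
    return all(digests.get(name) == value for name, value in IOC_HASHES.items())


def find_c2_hits(log_lines) -> list:
    """Return (line_number, line) for each line that references the C2."""
    return [(n, line) for n, line in enumerate(log_lines, start=1) if C2_RE.search(line)]


# Constructed proxy/firewall lines for the demo; NOT taken from the sandbox run.
SAMPLE_LOGS = [
    "2021-09-26T10:01:02Z proxy src=10.0.0.12 dst=45.9.20.20:13441 proto=tcp action=allow",
    "2021-09-26T10:01:05Z proxy src=10.0.0.12 dst=45.9.20.201:443 proto=tcp action=allow",
    "2021-09-26T10:02:10Z dns query=update.example.net answer=93.184.216.34",
    "2021-09-26T10:03:44Z fw conn 10.0.0.7 -> 45.9.20.20 port 13441 flags=S",
]

if __name__ == "__main__":
    for n, line in find_c2_hits(SAMPLE_LOGS):
        print(f"C2 hit on line {n}: {line}")
    for path in sys.argv[1:]:  # optional: files to compare against the report
        digests = hash_file(path)
        verdict = "is this sample" if matches_report(digests) else "is NOT this sample"
        print(f"{path} {verdict} (sha256 {digests['sha256']})")
```

A full-digest match confirms a file is exactly this submission; a repacked RedLine build will hash differently, so the hash check is a confirmation, not a hunting rule. The C2 address is the more durable indicator here, which is why the regex also accepts the bare IP and only treats the port as optional corroboration.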