General
Target: 28721c3cd4f288543c47a3969c9aad888ace7868a8f945d12ac5e5357b304105
Size: 239KB
Sample: 210926-zw1f2afcem
MD5: eb0f3303a31ecafed25bb1d40e4a5c85
SHA1: 6f361f5e722da83c6ddcd689d6128e5bdfe84f6d
SHA256: 28721c3cd4f288543c47a3969c9aad888ace7868a8f945d12ac5e5357b304105
SHA512: c3f9a60ff06ae534e4695c69841799443e9f195a4a871999883ab4b56ee9cdb3565b524b77c8327b23d5e11c2e5be2226d0129d279f2f28d747b8ba366e76666
Static task
static1

Malware Config
Extracted
redline
UTS
45.9.20.20:13441
Targets

Target: 28721c3cd4f288543c47a3969c9aad888ace7868a8f945d12ac5e5357b304105
Size: 239KB
MD5: eb0f3303a31ecafed25bb1d40e4a5c85
SHA1: 6f361f5e722da83c6ddcd689d6128e5bdfe84f6d
SHA256: 28721c3cd4f288543c47a3969c9aad888ace7868a8f945d12ac5e5357b304105
SHA512: c3f9a60ff06ae534e4695c69841799443e9f195a4a871999883ab4b56ee9cdb3565b524b77c8327b23d5e11c2e5be2226d0129d279f2f28d747b8ba366e76666

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.