General
- Target: 62a7d968bb42d9b157da63c1db333c38360da0dc86990cd751c3ec432d932809
- Size: 840KB
- Sample: 211018-k89sxaebhm
- MD5: ac6d326fe5a9783a0f80913cfe8d9147
- SHA1: c6d9771b719c123adcd303d3bc7317e41e1cf179
- SHA256: 62a7d968bb42d9b157da63c1db333c38360da0dc86990cd751c3ec432d932809
- SHA512: 0faaa3ddc074820695e12c127507d038261b5d400f8ae8aa702971da67540faae051c485e916b649a71242122d1e8bcdc9a4d6407741540040b5cefad84a136d

Static task: static1

Malware Config
- Extracted: redline
- Proliv2
- 176.57.71.68:37814
Targets
- Target: 62a7d968bb42d9b157da63c1db333c38360da0dc86990cd751c3ec432d932809
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.