General
Target: 4d08c78b5911ff104d0c322b887c3e2721c25cc5e8c037a70939600f62d9b548
Size: 799KB
Sample: 211020-k9rcysggh4
MD5: fa977ef2f98139eab16f02e933466a16
SHA1: 9d330777eb941567d9c93b96a23d6b34fc868d61
SHA256: 4d08c78b5911ff104d0c322b887c3e2721c25cc5e8c037a70939600f62d9b548
SHA512: c44377e77fd08d74860ee1ea2dfad3402dae57be10a9add40eb35e2134fb36116168856a5b16b21380bde604a7b6d5ac64c1c0daf481d1f08f2c34fad9fbe972
Static task: static1

Malware Config
Extracted
Family: redline
Botnet: Proliv3
C2: 145.239.32.179:27763
Targets
Target: 4d08c78b5911ff104d0c322b887c3e2721c25cc5e8c037a70939600f62d9b548
Size: 799KB
MD5: fa977ef2f98139eab16f02e933466a16
SHA1: 9d330777eb941567d9c93b96a23d6b34fc868d61
SHA256: 4d08c78b5911ff104d0c322b887c3e2721c25cc5e8c037a70939600f62d9b548
SHA512: c44377e77fd08d74860ee1ea2dfad3402dae57be10a9add40eb35e2134fb36116168856a5b16b21380bde604a7b6d5ac64c1c0daf481d1f08f2c34fad9fbe972
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
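The signatures above are most useful when turned into a correlated hunt rather than matched one at a time: Uninstall-key enumeration on its own is routine behaviour of installers and inventory agents, whereas the same process also reading wallet files, or any process matching the sample hash or contacting the extracted C2, is a much stronger signal. The following Python is an added hunting example, not code from the sandbox report or from RedLine. The events are constructed Sysmon-style records with assumed field names; the SHA256 and the C2 address come from the report, while the wallet paths are an assumption about typical stealer targets that the report itself does not list.

```python
"""Correlate the behaviours listed in the report into a per-process verdict.

Added example, not part of the sandbox report. EVENTS are constructed
Sysmon-style records (field names are an assumption); only SAMPLE_SHA256
and C2_ADDRESS are taken from the report.
"""
from collections import defaultdict

# Indicators taken from the report.
SAMPLE_SHA256 = "4d08c78b5911ff104d0c322b887c3e2721c25cc5e8c037a70939600f62d9b548"
C2_ADDRESS = ("145.239.32.179", 27763)

# Assumptions: the report only says the sample reads Uninstall keys and touches
# wallet files; the wallet locations below are common stealer targets, not
# something the report states.
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"
WALLET_MARKERS = (r"\exodus\exodus.wallet", r"\electrum\wallets", r"\ethereum\keystore")

# Constructed events: one stealer-like process (pid 4120) and one benign
# inventory agent (pid 900) that also enumerates Uninstall keys.
EVENTS = [
    {"pid": 4120, "type": "process_create",
     "image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
     "sha256": SAMPLE_SHA256},
    {"pid": 4120, "type": "registry_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "type": "file_read",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "type": "network_connect",
     "dst_ip": "145.239.32.179", "dst_port": 27763},
    {"pid": 900, "type": "process_create",
     "image": r"C:\Program Files\Inventory\agent.exe",
     "sha256": "0" * 64},
    {"pid": 900, "type": "registry_query",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 900, "type": "network_connect",
     "dst_ip": "10.0.0.5", "dst_port": 443},
]


def classify_event(ev):
    """Map one event to the report signature it matches, or None."""
    t = ev["type"]
    if t == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
        return "known_sample_hash"
    if t == "registry_query" and UNINSTALL_KEY in ev["key"].lower():
        return "enumerates_installed_software"
    if t == "file_read" and any(m in ev["path"].lower() for m in WALLET_MARKERS):
        return "accesses_crypto_wallet"
    if t == "network_connect" and (ev["dst_ip"], ev["dst_port"]) == C2_ADDRESS:
        return "connects_to_redline_c2"
    return None


def correlate(events):
    """Group signature hits per pid and derive a verdict.

    Uninstall-key enumeration alone is routine (installers, inventory agents),
    so it only counts when paired with wallet access; a hash or C2 hit is
    decisive on its own.
    """
    hits = defaultdict(set)
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits[ev["pid"]].add(sig)
    verdicts = {}
    for pid, sigs in hits.items():
        if {"known_sample_hash", "connects_to_redline_c2"} & sigs:
            verdict = "confirmed"
        elif {"enumerates_installed_software", "accesses_crypto_wallet"} <= sigs:
            verdict = "suspicious"
        else:
            verdict = "benign"
        verdicts[pid] = {"verdict": verdict, "signatures": sorted(sigs)}
    return verdicts


if __name__ == "__main__":
    for pid, result in correlate(EVENTS).items():
        print(pid, result["verdict"], ", ".join(result["signatures"]))
```

The C2 match is on the exact ip:port pair from the extracted config; a port-agnostic match on 145.239.32.179 would widen coverage if the operators rotate ports, at the cost of more false positives from shared hosting.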