General
Target
usfive_20211021-084805
Size
337KB
Sample
211021-k16raaaaf6
MD5
a371cb8030ecb71c1246359e86e45fe6
SHA1
8cc4982a22d833799906bd8c9616385142386407
SHA256
f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8
SHA512
8875fb83ce689f5f8dced5cbde2e40cdc9adfbf716f34770bdc747e0ef47d3766c91c1c9c30a1638381617e47bf8650d4909b24822e957102cffc5aa58338100
Static task
static1
Behavioral task
behavioral1
Sample
usfive_20211021-084805.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
usfive_20211021-084805.exe
Resource
win10-en-20211014
Malware Config
Extracted
Family
redline
Botnet
netlyvpn evadav
C2
94.103.9.181:25749
Targets
Target
usfive_20211021-084805
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system. On its own this is a weak indicator, since installers, inventory agents and updaters read the same keys; weigh it together with the C2 contact and the other signatures above.
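As an added example (not part of the sandbox report or of any vendor tooling), the following Python turns the extracted config and the Uninstall-key signature above into a detection pass over endpoint telemetry. The JSON-lines schema (`ProcessCreate`, `NetworkConnect`, `RegistryRead` and their field names) and the events themselves are constructed for the example; the C2 endpoint and file hashes are the report's. The verdict logic treats the exact C2 endpoint or the sample hash as sufficient on its own, the C2 host on another port as a weaker signal, and Uninstall-key reads as context only. Note that Sysmon does not record registry reads (events 12 to 14 cover key create/delete, value set and rename), so a `RegistryRead` feed assumes EDR telemetry or an Object Access SACL on the key.

```python
"""Match the IOCs this sandbox report extracted (C2 endpoint, file hashes,
Uninstall-key enumeration) against endpoint telemetry.

Added example, not part of the sandbox report or of any vendor tooling. The
JSON-lines event schema and the events themselves are constructed for the
example; the IOC values are taken from the report.
"""
import json
import re

# IOC values from the report.
C2_HOST = "94.103.9.181"
C2_PORT = 25749
SAMPLE_SHA256 = "f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8"
SAMPLE_MD5 = "a371cb8030ecb71c1246359e86e45fe6"

# "Checks installed software": reads under the Uninstall key. Cover the
# 32-bit (WOW6432Node) view as well; HKLM and HKCU share the same suffix.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Constructed telemetry (assumed EDR-style schema; not captured from a host).
# pid 4120 is the sample, 812 an unrelated browser, 980 a service.
SAMPLE_EVENTS = r"""
{"type":"ProcessCreate","pid":4120,"image":"C:\\Users\\x\\Downloads\\usfive_20211021-084805.exe","sha256":"f8f717beb9b7de0b20ef86dcabc3a7b107fcfd933daa17899ff95dce53ba6db8"}
{"type":"NetworkConnect","pid":4120,"dst_ip":"94.103.9.181","dst_port":25749,"proto":"tcp"}
{"type":"NetworkConnect","pid":812,"dst_ip":"94.103.9.181","dst_port":443,"proto":"tcp"}
{"type":"RegistryRead","pid":4120,"key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp"}
{"type":"RegistryRead","pid":4120,"key":"HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"type":"RegistryRead","pid":980,"key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def match_event(ev):
    """Return (ioc_name, detail) hits for one event; [] when nothing matches."""
    hits = []
    kind = ev.get("type")
    if kind == "ProcessCreate":
        if (ev.get("sha256", "").lower() == SAMPLE_SHA256
                or ev.get("md5", "").lower() == SAMPLE_MD5):
            hits.append(("redline_sample_hash", ev.get("image", "")))
    elif kind == "NetworkConnect":
        if ev.get("dst_ip") == C2_HOST:
            # Host+port is the extracted C2; the host on another port is a
            # weaker signal (shared hosting), so it gets its own lower tier.
            port = int(ev.get("dst_port", 0))
            name = "redline_c2" if port == C2_PORT else "c2_host_other_port"
            hits.append((name, f"{C2_HOST}:{port}"))
    elif kind == "RegistryRead":
        if UNINSTALL_KEY_RE.search(ev.get("key", "")):
            hits.append(("uninstall_key_enum", ev["key"]))
    return hits


def scan(text):
    """Group hits by pid: {pid: [(ioc_name, detail), ...]}."""
    per_pid = {}
    for ev in parse_events(text):
        for hit in match_event(ev):
            per_pid.setdefault(ev["pid"], []).append(hit)
    return per_pid


def verdict(per_pid):
    """Tier each pid. The sample hash or the exact C2 endpoint is sufficient
    on its own. Uninstall-key reads alone are only context: installers,
    inventory agents and updaters read the same keys."""
    out = {}
    for pid, hits in per_pid.items():
        names = {name for name, _ in hits}
        if names & {"redline_sample_hash", "redline_c2"}:
            out[pid] = "redline"
        elif "c2_host_other_port" in names:
            out[pid] = "suspicious"
        else:
            out[pid] = "software_enum_only"
    return out


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for pid, tier in verdict(found).items():
        print(pid, tier)
        for name, detail in found[pid]:
            print("   ", name, detail)
```

Run it as-is to see the tiering over the constructed events; in practice replace `SAMPLE_EVENTS` with a feed from your EDR and keep the port check strict, since the IP may host unrelated services on other ports.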