General
Target: usfive_20211021-124624
Size: 333KB
Sample: 211021-rl6ajabceq
MD5: d925816145cc18afdd4675c4846bc9a7
SHA1: 9eb8dff855f515f3253eb2987679c462c9cab3e7
SHA256: 6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc
SHA512: 5caec99f2a47c64193707f5f3ccb74408eea98fd395d1fba4881f7ca39149ec3aa233ef4d85396e6e3be037bc293a138ea4e1d97528c72466e8d8c5a663f5326
Static task: static1
Behavioral task: behavioral1
Sample: usfive_20211021-124624.exe
Resource: win7-en-20211014
Malware Config
Extracted
redline
oct21
94.103.9.181:25690
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.