General
- Target: 46cdd551cb300258b19545c99396a4f854d1992cb3c46ff0da62a74dbb260635
- Size: 457KB
- Sample: 211022-r6l3dscffj
- MD5: 0eb7bedd631c3107c5f65c109ac8bf2e
- SHA1: 8d83f0286f73481b2eca565bf31395fb0db3f54c
- SHA256: 46cdd551cb300258b19545c99396a4f854d1992cb3c46ff0da62a74dbb260635
- SHA512: 75c443d811a7e75f96607a440dcc1c51cf158a5505de5a1453e4723a2bf9b18778119a14a3f4b9d63b9c93ea43da0a6f620414e9fff92fd889b48db404b6ed09
Static task: static1
Malware Config
Targets
- Target: 46cdd551cb300258b19545c99396a4f854d1992cb3c46ff0da62a74dbb260635
- Size: 457KB
- MD5: 0eb7bedd631c3107c5f65c109ac8bf2e
- SHA1: 8d83f0286f73481b2eca565bf31395fb0db3f54c
- SHA256: 46cdd551cb300258b19545c99396a4f854d1992cb3c46ff0da62a74dbb260635
- SHA512: 75c443d811a7e75f96607a440dcc1c51cf158a5505de5a1453e4723a2bf9b18778119a14a3f4b9d63b9c93ea43da0a6f620414e9fff92fd889b48db404b6ed09
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
- suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.