General
- Target: 081ba60cfdc84fcd9c1bd234812c8dffdee559e44c2d54ab06522e94a4374254
- Size: 449KB
- Sample: 211025-qpb1eshahk
- MD5: 41965b4c7cd98b3f504a6273c097e599
- SHA1: b3d88c8e7061bb5efae86e9b473e57dcd5cf2333
- SHA256: 081ba60cfdc84fcd9c1bd234812c8dffdee559e44c2d54ab06522e94a4374254
- SHA512: 7bd1ce8b1d08ace60d3652a8899e8bb087ba411f552bfed884ea49976cf1f27858f8625d064138d61fb8d6b5089b4372d2fad5be109fa3484a136acdf47e1719
Static task
static1
Malware Config
Targets
- Target: 081ba60cfdc84fcd9c1bd234812c8dffdee559e44c2d54ab06522e94a4374254
- Size: 449KB
- MD5: 41965b4c7cd98b3f504a6273c097e599
- SHA1: b3d88c8e7061bb5efae86e9b473e57dcd5cf2333
- SHA256: 081ba60cfdc84fcd9c1bd234812c8dffdee559e44c2d54ab06522e94a4374254
- SHA512: 7bd1ce8b1d08ace60d3652a8899e8bb087ba411f552bfed884ea49976cf1f27858f8625d064138d61fb8d6b5089b4372d2fad5be109fa3484a136acdf47e1719
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
- suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
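Two of the signatures above, "Downloads MZ/PE file" and "Checks installed software on the system", are worth seeing as concrete checks. The following is an added example written for this page; it is not code from the sandbox report, from the sample, or from the RedLine family. The first function is the minimal test a sandbox or IDS applies before calling an HTTP body an MZ/PE download (DOS magic, e_lfanew at offset 0x3C, "PE\0\0" where it points). The second flags a process that opens many distinct subkeys under the registry Uninstall key, which is what "looks up Uninstall key entries to enumerate software" looks like in telemetry. The event record layout, the process names, the product subkey names and the threshold are all constructed assumptions, not values taken from the report.

```python
import re
import struct
from collections import defaultdict


# --- 1. "Downloads MZ/PE file": the check behind that signature ---------------

def is_pe_file(data: bytes) -> bool:
    """True when `data` starts with a DOS header whose e_lfanew points at a PE signature.

    Order of checks matters: reject short buffers before reading offset 0x3C, and make
    sure e_lfanew plus the 4-byte signature still fits inside the buffer, so a truncated
    or hostile download cannot push the read out of bounds.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def build_minimal_pe_header(e_lfanew: int = 0x80) -> bytes:
    """Constructed test input: DOS header with the given e_lfanew, padding, then a PE
    signature and 20 zero bytes standing in for the COFF header. Not a real executable."""
    dos = bytearray(b"MZ" + b"\x00" * 0x3E)           # 0x40-byte DOS header
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + b"\x00" * (e_lfanew - len(dos)) + b"PE\x00\x00" + b"\x00" * 20


# --- 2. "Checks installed software": Uninstall-key enumeration ----------------

# Matches HKLM/HKCU, long or short hive names, and the WOW6432Node (32-bit) view;
# group 1 is the per-product subkey name.
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)


def find_uninstall_enumeration(events, min_subkeys=5, allowlist=frozenset()):
    """Group registry-open events by (pid, image) and return the processes that opened
    at least `min_subkeys` distinct Uninstall\\<product> subkeys, minus allowlisted images.

    Each event is a dict with "pid", "image" and "key" (hypothetical format; Sysmon does
    not log key reads by default, so in practice this comes from a sandbox trace or an
    EDR with registry-read telemetry). Returns {(pid, image): sorted subkey names}.
    """
    seen = defaultdict(set)
    for ev in events:
        m = UNINSTALL_KEY_RE.match(ev["key"])
        if m:
            seen[(ev["pid"], ev["image"])].add(m.group(1))
    return {
        proc: sorted(keys)
        for proc, keys in seen.items()
        if len(keys) >= min_subkeys and proc[1].lower() not in allowlist
    }


def _ev(pid, image, key):
    return {"pid": pid, "image": image, "key": key}


UNINSTALL = r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
# Constructed sample telemetry (not from the report):
SAMPLE_EVENTS = (
    # pid 4120: a dropped binary walking every product subkey in both the 64- and 32-bit views
    [_ev(4120, "dropped.exe", rf"HKLM{UNINSTALL}\Product{i}") for i in range(6)]
    + [_ev(4120, "dropped.exe",
           rf"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Product{i}")
       for i in range(6, 8)]
    # pid 880: a benign process touching one Uninstall subkey plus an unrelated key
    + [_ev(880, "explorer.exe", rf"HKCU{UNINSTALL}\Product0"),
       _ev(880, "explorer.exe", r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run")]
    # pid 2200: a hypothetical inventory agent that legitimately enumerates the whole key
    + [_ev(2200, "inventory-agent.exe", rf"HKLM{UNINSTALL}\Product{i}") for i in range(6)]
)


def main():
    pe = build_minimal_pe_header()
    js = b"var s = new ActiveXObject('MSXML2.XMLHTTP');"   # a script body, not a PE
    print("PE check:", is_pe_file(pe), is_pe_file(pe[:0x60]), is_pe_file(js))
    flagged = find_uninstall_enumeration(
        SAMPLE_EVENTS, min_subkeys=5, allowlist={"inventory-agent.exe"})
    for (pid, image), keys in flagged.items():
        print(f"{image} (pid {pid}) enumerated {len(keys)} Uninstall subkeys: {', '.join(keys)}")


if __name__ == "__main__":
    main()
```

The allowlist exists because software-inventory agents and installers legitimately read every Uninstall subkey; without it the rule fires on the management stack. The threshold is a tuning knob, not a constant from the report: a stealer tends to read the whole key in one burst, while a normal process reads one or two entries.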