General
Target: 428bd865041b49829bad68c10f9a7ebb.exe
Size: 333KB
Sample: 211025-yktnnsgfa6
MD5: 428bd865041b49829bad68c10f9a7ebb
SHA1: fabec2a27fe639261cf8ef9a2382e655e31fae93
SHA256: 1e9bca11852588fff0ba71bd61a90c7c8d364f8b27dbd79d2fafbeae0059f3ff
SHA512: d6836f4d8ef4d8d19d538accc591ed67d4418f7373c18f9c6c22b2dfdfd664579c420d644611d30571095e77e48cfadbf4ef2849cc75005f844cd7ce5586e738

Static task: static1
Behavioral task: behavioral1
Sample: 428bd865041b49829bad68c10f9a7ebb.exe
Resource: win7-en-20211014

Malware Config
Extracted: redline
build999
109.107.191.123:52781
Targets
Target: 428bd865041b49829bad68c10f9a7ebb.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.