General
Target: cf0b9e22bb46f92f60f0d81a6004aaac.exe
Size: 363KB
Sample ID: 211026-yeemkaabh6
MD5: cf0b9e22bb46f92f60f0d81a6004aaac
SHA1: f28f278e0dd0a35b83c279548b48790104dafde8
SHA256: 9dc092fdfab11892e7e732bc89f84af4afa7d72ad1e0032d00ca2e42d6f51298
SHA512: 0e8437e10c4ba36b6a1cc831a215c73b308627270bc260fc01eb5636fa1168bbe7903a14adc681e6642072f080d7a3b4900241e85b8fb80447c971ebdd5cb56a

Static task: static1
Behavioral task: behavioral1
Sample: cf0b9e22bb46f92f60f0d81a6004aaac.exe
Resource: win7-en-20211014
Malware Config
Extracted
Family: redline
Botnet: paladin
C2: 193.150.103.37:29118
Targets
Target: cf0b9e22bb46f92f60f0d81a6004aaac.exe
Size: 363KB
MD5, SHA1, SHA256 and SHA512: as listed under General above (same file).
Signatures
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.
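The registry lookup behind that last signature, shown as an added example rather than anything from the sandbox report or from Triage: a small Python detector that scans an API-call trace for accesses under the Uninstall keys, resolves hive aliases and the WOW6432Node and HKCU variants, and reports which installed products each process enumerated. The trace line layout ("<pid> <api> <registry path>"), the pids and the product names are assumptions constructed for this example.

```python
import re

# Registry keys that list installed software: the lookup behind the
# "Checks installed software" signature. A 32-bit sample on 64-bit Windows is
# redirected to WOW6432Node, and per-user installs use the same relative path
# under HKEY_CURRENT_USER, so all of these locations are matched.
UNINSTALL_BASES = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
HIVE_ALIASES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# Assumed trace line layout for this example (not Triage's real format):
# "<pid> <api> <registry path>".
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>Reg\w+)\s+(?P<path>\S.*)$")

# Constructed sample trace. pid 1337 walks the Uninstall keys in three hives;
# pid 2048 only opens Run and a key whose name merely starts with "Uninstall",
# a false-positive trap for naive substring matching.
SAMPLE_TRACE = r"""
1337 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1337 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}
1337 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}\DisplayName
1337 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1337 RegQueryValueExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion
1337 RegOpenKeyExW HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
2048 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2048 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallTool
"""


def normalize_key(path):
    """Expand hive aliases and unify separators; case is kept for reporting."""
    path = path.replace("/", "\\").strip("\\")
    hive, sep, rest = path.partition("\\")
    return HIVE_ALIASES.get(hive.upper(), hive.upper()) + sep + rest


def uninstall_subkey(path):
    """Return (uninstall key, product subkey or None) if path lies under one
    of the Uninstall keys, else None. Comparison is case-insensitive."""
    norm = normalize_key(path)
    upper = norm.upper()
    for base in UNINSTALL_BASES:
        idx = upper.find("\\" + base.upper())
        if idx == -1:
            continue
        tail = norm[idx + 1 + len(base):]        # text after the Uninstall key itself
        if tail and not tail.startswith("\\"):
            continue                             # "...\UninstallTool" is not a match
        parts = [p for p in tail.split("\\") if p]
        return upper[:idx] + "\\" + base, (parts[0] if parts else None)
    return None


def scan_trace(lines):
    """Group Uninstall-key activity per pid: keys touched, products seen, call count."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        found = uninstall_subkey(m.group("path"))
        if found is None:
            continue
        key, product = found
        entry = hits.setdefault(int(m.group("pid")),
                                {"keys": set(), "products": set(), "calls": 0})
        entry["keys"].add(key)
        entry["calls"] += 1
        if product:
            entry["products"].add(product)
    return hits


def flag_software_enumeration(hits, min_products=1):
    """Pids that opened an Uninstall key and looked at >= min_products entries:
    an inventory sweep rather than a single product version check."""
    return sorted(pid for pid, h in hits.items()
                  if h["keys"] and len(h["products"]) >= min_products)


if __name__ == "__main__":
    hits = scan_trace(SAMPLE_TRACE.splitlines())
    for pid in flag_software_enumeration(hits):
        h = hits[pid]
        print(f"pid {pid}: {h['calls']} Uninstall-key calls, "
              f"{len(h['keys'])} keys, products: {sorted(h['products'])}")
```

The prefix check rejects keys that merely begin with Uninstall (the UninstallTool line), and counting distinct product subkeys rather than raw calls lets the threshold separate a one-off version check from the full inventory sweep a stealer performs before fingerprinting the host.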