General
- Target: 2fdbbe32c94ec82a32e5c81f31a6d6ae0688d5be8a819.exe
- Size: 396KB
- Sample: 211109-pwrtsaccgp
- MD5: 6c785946fbf3d3d2d222aa290b7630c2
- SHA1: d8990a7d359c3054d2add6e1070370f2068759db
- SHA256: 2fdbbe32c94ec82a32e5c81f31a6d6ae0688d5be8a819de8d468d36f54760f1b
- SHA512: 266dbf31b831a8684026e5e9343700d33b47477d31a1eb9505158fd7b03208df7d9e54d06666b59b47dc2b010527a7e840ac7f4d3b336617f9d2187ade9b8250
Static task: static1
Behavioral task: behavioral1
- Sample: 2fdbbe32c94ec82a32e5c81f31a6d6ae0688d5be8a819.exe
- Resource: win7-en-20211104
Behavioral task: behavioral2
- Sample: 2fdbbe32c94ec82a32e5c81f31a6d6ae0688d5be8a819.exe
- Resource: win10-en-20211104
Malware Config
Extracted: redline
- 1132044836
- 185.183.32.184:80
Targets
- Target: 2fdbbe32c94ec82a32e5c81f31a6d6ae0688d5be8a819.exe (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.