General
Target: DullWave.exe
Size: 349KB
Sample: 211114-h8dz5adaem
MD5: 0665ba719ccec50da756b5e3048584ba
SHA1: fcf43914e92ee6a1a76c9312038bafee6bb44236
SHA256: 291ab20ad023093d78e6cbdee32629fb3c70a6754171253337d568e3752eed5f
SHA512: 85c403b2ef2c0ee8f2c2592d82aafc04aa107f3f753fc74b3d7dd6b4fbad28ea227aad7ce875ddf37f5cb758aa30998b6cbdfca07ac96c925acf6aded4b35545

Static task: static1
Behavioral task: behavioral1
Sample: DullWave.exe
Resource: win7-en-20211014

Malware Config
Extracted: redline
  185.215.113.109:44059
Extracted: redline
  xxluchxx1
  212.86.102.63:62907
Targets
Target: DullWave.exe
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.