General
Target: II6d3u6BssFXwheN.exe
Size: 6.9MB
Sample: 211114-hpsn6sdaan
MD5: 69d92d9eee0f985652d9a8afdfaf3768
SHA1: afede92bba9584f02c0626cee9efd4f6fd7b97c1
SHA256: eb82ace4891074a9c78d6a73f08e2cde43f7db5cc8eb1aab442337210cb411a2
SHA512: e928ae30ec0e0ec85acaad2d24ed88874e9da8d7a4ded3cb19c30961aeef87b02204af6c6d51d63c56562358ce7f029a0fc3e7287b9a842d1d8aded2579a673c
Static task: static1
Behavioral task: behavioral1 (Sample: II6d3u6BssFXwheN.exe; Resource: win7-en-20211104)
Behavioral task: behavioral2 (Sample: II6d3u6BssFXwheN.exe; Resource: win10-en-20211014)
Malware Config
Extracted family: redline
C2: 94.26.230.203:48759
Targets
Target: II6d3u6BssFXwheN.exe
Score: 10/10
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
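The report above gives three things a detection engineer can act on: the sample hash, the extracted RedLine C2 endpoint, and two behaviours (Uninstall-key enumeration and wallet-file access). The following is an added example, not part of the report or of any sandbox's code, that turns those indicators into detection logic and runs it over constructed, Sysmon-style JSON log lines. The hash and C2 values are copied from the report; the event field names, the enumeration threshold, the wallet path hints and every PID, path and product name in the sample log are assumptions made for the example. Sysmon records process creation (EventID 1) and network connects (EventID 3) but not registry or file reads, so the read events are modelled on Windows object-access audits (4663), which require a SACL on the Uninstall key and the wallet directories to be generated at all.

```python
"""Added example: detection logic for the indicators in this RedLine report,
run over constructed Sysmon-style / audit-style JSON log lines."""
import json
import re
from collections import defaultdict

# Indicators copied from the report.
SAMPLE_SHA256 = "eb82ace4891074a9c78d6a73f08e2cde43f7db5cc8eb1aab442337210cb411a2"
C2_HOST, C2_PORT = "94.26.230.203", 48759

# Assumptions, not from the report: threshold and wallet path hints are illustrative.
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.I)
UNINSTALL_THRESHOLD = 3
WALLET_HINTS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\keystore", "wallet.dat")

# Constructed log lines (not real telemetry). EventID 1/3 mimic Sysmon ProcessCreate and
# NetworkConnect; 4663 mimics a Windows object-access audit for registry/file reads.
# PID 4120: the sample itself. PID 3300: same behaviour, unknown hash, other C2.
# PID 2201: a benign process that reads one Uninstall subkey.
LOG_LINES = r'''
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\a\\Downloads\\II6d3u6BssFXwheN.exe", "Hashes": "MD5=69D92D9EEE0F985652D9A8AFDFAF3768,SHA256=EB82ACE4891074A9C78D6A73F08E2CDE43F7DB5CC8EB1AAB442337210CB411A2"}
{"EventID": 3, "ProcessId": 4120, "DestinationIp": "94.26.230.203", "DestinationPort": 48759}
{"EventID": 4663, "ProcessId": 4120, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"EventID": 4663, "ProcessId": 4120, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"EventID": 4663, "ProcessId": 4120, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"}
{"EventID": 4663, "ProcessId": 4120, "ObjectType": "File", "ObjectName": "C:\\Users\\a\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"}
{"EventID": 1, "ProcessId": 3300, "Image": "C:\\Users\\a\\AppData\\Local\\Temp\\update.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 3, "ProcessId": 3300, "DestinationIp": "198.51.100.7", "DestinationPort": 8080}
{"EventID": 4663, "ProcessId": 3300, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"EventID": 4663, "ProcessId": 3300, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"EventID": 4663, "ProcessId": 3300, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VLC media player"}
{"EventID": 4663, "ProcessId": 3300, "ObjectType": "File", "ObjectName": "C:\\Users\\a\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"}
{"EventID": 4663, "ProcessId": 2201, "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"EventID": 3, "ProcessId": 2201, "DestinationIp": "93.184.216.34", "DestinationPort": 443}
'''


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def hash_hits(events):
    """PIDs whose ProcessCreate Hashes field carries the sample's SHA256 (case-insensitive)."""
    return [e["ProcessId"] for e in events
            if e.get("EventID") == 1 and SAMPLE_SHA256 in e.get("Hashes", "").lower()]


def c2_hits(events):
    """PIDs that connected to the extracted RedLine C2 host:port."""
    return [e["ProcessId"] for e in events
            if e.get("EventID") == 3 and e.get("DestinationIp") == C2_HOST
            and int(e.get("DestinationPort", 0)) == C2_PORT]


def uninstall_enumerators(events, threshold=UNINSTALL_THRESHOLD):
    """PIDs that read at least `threshold` distinct Uninstall subkeys. A single read is
    normal (installers, inventory agents); many distinct subkeys from one PID is the
    installed-software enumeration the report describes."""
    seen = defaultdict(set)
    for e in events:
        if e.get("EventID") == 4663 and e.get("ObjectType") == "Key":
            m = UNINSTALL_RE.search(e.get("ObjectName", ""))
            if m:
                seen[e["ProcessId"]].add(m.group(1).lower())
    return {pid: len(keys) for pid, keys in seen.items() if len(keys) >= threshold}


def wallet_readers(events):
    """PIDs that opened a file whose path looks like a cryptocurrency wallet store."""
    return sorted({e["ProcessId"] for e in events
                   if e.get("EventID") == 4663 and e.get("ObjectType") == "File"
                   and any(h in e.get("ObjectName", "").lower() for h in WALLET_HINTS)})


def triage(text):
    """Correlate per PID: a hash or C2 match is a confirmed hit; enumeration plus wallet
    access without either is a behavioural hit (e.g. a repacked build with a new C2)."""
    events = parse_events(text)
    confirmed = set(hash_hits(events)) | set(c2_hits(events))
    enum = uninstall_enumerators(events)
    behavioural = (set(enum) & set(wallet_readers(events))) - confirmed
    return {"confirmed": sorted(confirmed), "behavioural": sorted(behavioural),
            "uninstall_counts": enum}


if __name__ == "__main__":
    print(json.dumps(triage(LOG_LINES), indent=2))
```

Hash and C2 matches are the cheap, high-confidence part and go stale first; the behavioural correlation is what still fires once the stealer is repacked and pointed at a new address, at the cost of needing object-access auditing on the Uninstall key and wallet directories.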