General

Target: 96fe04f25e0f7dc80abb008e2f70e6ea
Size: 613KB
Sample: 211119-yzehaseeb2
MD5: 96fe04f25e0f7dc80abb008e2f70e6ea
SHA1: 731b1b4c7251f705c4ad90626d77761d9aa8837c
SHA256: ec75d2e78898eef0f85ec90d16989cf9c1fb5f1e0f7b45cddad67192846aa8da
SHA512: 537a7e0d153fc8a386ea7caaa27f93415a2517ea51a172b3c73a3e12c82eb7fc91c688bfdf911673b03ecc43d6a0f4d2c115699677208f7dd90cf24b990688ac

Static task: static1
Behavioral task: behavioral1
Sample: 96fe04f25e0f7dc80abb008e2f70e6ea.exe
Resource: win7-en-20211104

Malware Config

Extracted: redline / Alex / 178.238.8.72:49214
Extracted: redline / bot_tg / 188.119.113.20:27724
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.