General
Target: e743afa799cc5b1cc65d4ddf893536d050ae2dbd697319fef5211874f51c8605
Size: 405KB
Sample: 211125-e2hsysheg2
MD5: 2aaa29fa71ad6649c994d5dbdeaaa858
SHA1: 3bd05a465b96ed0a19f8434df51e3a6322756502
SHA256: e743afa799cc5b1cc65d4ddf893536d050ae2dbd697319fef5211874f51c8605
SHA512: b2497f1bd2c624ddb0cd6404bbcb0d9a9014c8704a306b091777dec7fa823439ffee5ae846d2daca21017661e60fb43e5a942679b70f6aeec4e8914ad90890ba
Static task: static1
Malware Config
Extracted
Family: redline
Botnet: Pubdate
C2: 193.56.146.64:65441
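The indicators above are only useful once they are turned into checks. The following is an added example, not part of the sandbox output: it compares a local file's digests with the four hashes the report publishes (all four, since MD5 and SHA-1 collisions are practical and only the SHA-256/SHA-512 match should be trusted), validates the extracted C2 endpoint, and emits a Suricata rule for it. The sid value and the function names are assumptions; the hashes, C2 and botnet name are the report's.

```python
"""Turn the indicators from this sandbox report into checks.

Added example, not sandbox code. The hashes, C2 and botnet name are the
values printed in the report; the rule sid and helper names are assumed.
"""
import hashlib
import ipaddress

# Digests published in the report's General section.
REPORT_HASHES = {
    "md5": "2aaa29fa71ad6649c994d5dbdeaaa858",
    "sha1": "3bd05a465b96ed0a19f8434df51e3a6322756502",
    "sha256": "e743afa799cc5b1cc65d4ddf893536d050ae2dbd697319fef5211874f51c8605",
    "sha512": "b2497f1bd2c624ddb0cd6404bbcb0d9a9014c8704a306b091777dec7fa823439"
              "ffee5ae846d2daca21017661e60fb43e5a942679b70f6aeec4e8914ad90890ba",
}
REPORT_C2 = "193.56.146.64:65441"
REPORT_BOTNET = "Pubdate"


def digests(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison of a file's digests with the report's.

    All four are reported rather than MD5 alone: MD5 and SHA-1 collisions
    are practical, so the SHA-256/SHA-512 result is the one that counts.
    """
    actual = digests(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def parse_c2(endpoint: str) -> tuple:
    """Split 'host:port' (or '[v6]:port') into a validated (ip, port) pair.

    Raises ValueError for anything that is not an IP literal with a port
    in 1..65535, so a garbled config line cannot become a bad rule.
    """
    host, sep, port_text = endpoint.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {endpoint!r}")
    ip = ipaddress.ip_address(host.strip("[]"))   # ValueError if not an IP
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return str(ip), port


def suricata_rule(endpoint: str, botnet: str, sid: int) -> str:
    """Emit a Suricata alert for outbound TCP traffic to the extracted C2.

    sid is assumed to come from the operator's local range (>= 1000000).
    """
    ip, port = parse_c2(endpoint)
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine Stealer C2 ({botnet})"; flow:to_server; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    # Constructed input: an empty buffer standing in for a local file's bytes.
    print(matches_report(b""))
    print(suricata_rule(REPORT_C2, REPORT_BOTNET, sid=1000001))
```

Feed `matches_report` the bytes of the file you actually hold; a `True` on `sha256` and `sha512` means it is the sample this report describes, while a match on MD5 alone is not sufficient.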
Targets
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
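The last signature describes a software inventory: the sample walks the Uninstall keys and reads each entry. The following is an added example, not sandbox code, showing how that pattern can be picked out of registry events. The event lines are constructed for the example in a simple "pid,process,operation,path" form (a real feed such as Procmon CSV or Sysmon registry events needs its own reader), and the threshold is an assumption. Writes are deliberately ignored, because installers legitimately write their own Uninstall entry; only a process that reads several distinct entries fits the inventory behaviour.

```python
"""Detect Uninstall-key enumeration in registry events.

Added example, not sandbox code. SAMPLE_EVENTS is constructed; the
'pid,process,operation,path' line format and min_entries are assumptions.
"""
import re
from collections import defaultdict

# Native and WOW6432Node views, under HKLM and HKCU, long or short hive name.
# Group 1 is the per-application subkey directly under Uninstall.
UNINSTALL_RE = re.compile(
    r"^(?:HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU)\\SOFTWARE\\"
    r"(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Operations that read the registry; writes by installers are not counted.
READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Constructed sample: one process walking the Uninstall list, an installer
# touching only its own entry, and unrelated Explorer activity.
SAMPLE_EVENTS = r"""
4120,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4120,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName
4120,sample.exe,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
4120,sample.exe,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
4120,sample.exe,RegOpenKey,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord
4120,sample.exe,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName
5308,setup.exe,RegSetValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp\DisplayName
5308,setup.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyApp\DisplayName
6002,explorer.exe,RegQueryValue,HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
"""


def parse_events(text):
    """Yield (pid, process, operation, path) from the constructed line format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, proc, op, path = line.split(",", 3)
        yield int(pid), proc, op, path


def uninstall_enumeration(events, min_entries=3):
    """Return {(pid, process): sorted subkeys} for processes that read at
    least min_entries distinct Uninstall subkeys.

    Only read operations count: an installer writing its own entry, or an
    uninstaller reading just that entry, does not look like an inventory.
    """
    seen = defaultdict(set)
    for pid, proc, op, path in events:
        if op not in READ_OPS:
            continue
        m = UNINSTALL_RE.match(path)
        if m:
            seen[(pid, proc)].add(m.group(1))
    return {key: sorted(subkeys) for key, subkeys in seen.items()
            if len(subkeys) >= min_entries}


def detect_sample():
    """Run the detection over the constructed events."""
    return uninstall_enumeration(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for (pid, proc), subkeys in detect_sample().items():
        print(f"{proc} (pid {pid}) enumerated {len(subkeys)} Uninstall entries: {subkeys}")
```

On its own this is a weak signal, since inventory agents and some updaters read the same keys; its value in this report is as one of several behaviours (wallet file access, the extracted C2) that together point at RedLine.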