General
-
Target
58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
-
Size
404KB
-
Sample
211125-tz6vbsfgcr
-
MD5
321a79a8f02fc5edb9f7d9820a7a9908
-
SHA1
fadcf7b810f5660fd695de49dd66868a4cebbd19
-
SHA256
58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
-
SHA512
63f8f70f3c53a1423664342666927ee6370724c526bc37e726d6aa6c6edfd94890ee0d029f18d87a0c3ded90876c6238fddde5032de9f1d0823fe4a23fe419e8
Static task
static1
Malware Config
Extracted
redline
RUZKI
185.215.113.29:26828
Targets
-
-
Target
58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
-
Size
404KB
-
MD5
321a79a8f02fc5edb9f7d9820a7a9908
-
SHA1
fadcf7b810f5660fd695de49dd66868a4cebbd19
-
SHA256
58af05687c427abf79f665c75b199d24a5a3a0976ece82d6479015d14eb0bb10
-
SHA512
63f8f70f3c53a1423664342666927ee6370724c526bc37e726d6aa6c6edfd94890ee0d029f18d87a0c3ded90876c6238fddde5032de9f1d0823fe4a23fe419e8
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-