General
- Target: 69a58ccb28fa6bf80af2090bf8d68a73123897492d077e841bb748e47d2ddd6b
- Size: 403KB
- Sample: 211125-ya661sbga3
- MD5: e92c9fef7c31d6360b7d892fccab6904
- SHA1: 9d00bb02394137748c77fbe54600dcc96f390de7
- SHA256: 69a58ccb28fa6bf80af2090bf8d68a73123897492d077e841bb748e47d2ddd6b
- SHA512: 9637d5e1738f2a75f82e1401e0c5f5ca01b999a57cfa68812c03fdd8f4df5a8198661886dfa33d008546dae328ae45f172a4ebdf440538ec39287321b5df2a0b
Static task
static1
Malware Config
Extracted
redline
Updbdate
193.56.146.64:65441
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.