General
- Target: f2bbe38e92761a459eb1890f1a468862a7658436418abbb9c453b59290b91c0a
- Size: 403KB
- Sample: 211125-ydq9zagdgq
- MD5: 2a8522999b3b38776864804ea91b417e
- SHA1: c61dddf5f940f7d287f546d6d8faf99ef7ccc30d
- SHA256: f2bbe38e92761a459eb1890f1a468862a7658436418abbb9c453b59290b91c0a
- SHA512: 5b70e1699f9f32d7c1ff6fd0aa99566ecbd8a4aa1f8e3eee5fd9ced287b7015d59c7e825647f6aa6e89f874d593cdcbef66eb41dc666a4fc0420297098b6d953
Static task: static1

Malware Config
- Extracted: redline
- Pubdate: 193.56.146.64:65441
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.