General
Target: 14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
Size: 402KB
Sample: 211125-zpekzsgfhk
MD5: b0e936df895d808ad6e94656df0cc9c0
SHA1: cdac1b82ed81230280d816ccb5c4bf045a98711e
SHA256: 14fa007ae74e0644b3077eaef9b78ac731c7c5b25daf649ab28206cb476df39b
SHA512: 2cc95676b4d30c12b1fd6ee11805a4df5e170dfe264dbc328bed0c39243b734d765ea94d210c5e00d43ae509b60197ed454a0f3456ed3d5df8e33e389ad7b5d4
Static task: static1
Malware Config (extracted)
redline
Updbdate
193.56.146.64:65441
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.