General
Target: 9f8914aae513f03127e3be61caaac9d8ad54cff4ae47f10157bf5c4f31236879
Size: 286KB
Sample: 211126-rwwh3schfk
MD5: e9972d8d6d8443bbaa4167a8be6e55c5
SHA1: 993cfeea49e56026f7c0621232ad64948f851240
SHA256: 9f8914aae513f03127e3be61caaac9d8ad54cff4ae47f10157bf5c4f31236879
SHA512: 16837cfaf3eb59497da00565f1efe4060be8c1ce6ead0dced2f89a0dc855fc4171c34b709fabef22a21b97bd8f514bd5a5743d96efe94114417b734aca514293
Static task: static1

Malware Config (extracted)
Family: redline
Botnet: Updbdate
C2: 193.56.146.64:65441
Targets
Target: 9f8914aae513f03127e3be61caaac9d8ad54cff4ae47f10157bf5c4f31236879 (286KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.