General
Target: ba1cfedeaad50cb7945344440676fb95f86511d8c0975a64235c075c8fbece13
Size: 393KB
Sample: 211127-hmbmwahcdp
MD5: c1cebf649c8e15e0dd06245a0d717e54
SHA1: 8a77d2bd5fbf1999faecaf17f48585d423a294f3
SHA256: ba1cfedeaad50cb7945344440676fb95f86511d8c0975a64235c075c8fbece13
SHA512: 0171eeb0fafe942721265c59350bc5bd7bd0e80a28f4aab4d3cb719dcbc317e318f6b6657309a3297a7750ee2a2305afd4b56803630d4d6476c0d01eb4095fd0
Static task: static1

Malware Config
Extracted: redline
udptest
193.56.146.64:65441
Targets
Target: ba1cfedeaad50cb7945344440676fb95f86511d8c0975a64235c075c8fbece13 (393KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.