General

- Target: 2acfdc710d1c679fd6dc470bc520bf4cbecb5990463cb44a2d32c06a960a44f5
- Size: 423KB
- Sample: 211127-mrmm6aabbl
- MD5: bb28cd3e6d277d7e1a1f5a211554f8b0
- SHA1: 5ed1b519ac2bc44abc49a4514b1f23808469afeb
- SHA256: 2acfdc710d1c679fd6dc470bc520bf4cbecb5990463cb44a2d32c06a960a44f5
- SHA512: 9d42a3088b747cf891fd3dddb8e0b2c321ac9abe477d5d847779a8d113ec206d6f7d0c0e73797226f9d5e65c0b2a0f27a9330fd1519fc6a88cda0f79640c5c05
Static task: static1

Malware Config (extracted)

- Family: redline
- Botnet: Updbdate
- C2: 193.56.146.64:65441
Targets

- Target: 2acfdc710d1c679fd6dc470bc520bf4cbecb5990463cb44a2d32c06a960a44f5 (the same 423KB sample listed under General; MD5, SHA1, SHA256 and SHA512 are identical to those above)
Signatures

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.