General
Target: 32fa63eb2d10761505aae0c150d8ac1b7b6aadf7e9252340e142bdb060d2b5ca
Size: 425KB
Sample: 211129-cykf9sebe8
MD5: 87a8c11a8f81ec84a155e73c44ba4d9d
SHA1: 8cc2b6a91a61c49942e7bf893507ff5af6835aa6
SHA256: 32fa63eb2d10761505aae0c150d8ac1b7b6aadf7e9252340e142bdb060d2b5ca
SHA512: 4cb2dab9d76ee74829fc9f28f952a6f3587a99e037c00f18716c58a20bbadecf148f57da7fe5d2d3258688bbb5ca3f76a4da4ad61d9e701e5649bb1572a63377
Static task: static1
Malware Config
Extracted
redline
bbtt1
212.193.30.196:13040
Targets
Target: 32fa63eb2d10761505aae0c150d8ac1b7b6aadf7e9252340e142bdb060d2b5ca
Size: 425KB
MD5: 87a8c11a8f81ec84a155e73c44ba4d9d
SHA1: 8cc2b6a91a61c49942e7bf893507ff5af6835aa6
SHA256: 32fa63eb2d10761505aae0c150d8ac1b7b6aadf7e9252340e142bdb060d2b5ca
SHA512: 4cb2dab9d76ee74829fc9f28f952a6f3587a99e037c00f18716c58a20bbadecf148f57da7fe5d2d3258688bbb5ca3f76a4da4ad61d9e701e5649bb1572a63377
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.