General
- Target: a237f8b9bbc300dcd1ea0dd7688ec23e
- Size: 426KB
- Sample: 211129-kw6wgsbhcm
- MD5: a237f8b9bbc300dcd1ea0dd7688ec23e
- SHA1: 26676fc0f70f8233fe8a87d538dcd11e9dba37ad
- SHA256: 6f4d0be0c5e4824c213ca020779cee9279d0ed576c2a13d058ecfd992ade3d9e
- SHA512: 4c6035a94c98028e01bb46d7c72467430037139465f04b6a6965fba3911102e3be9d265dadcf71415819d4054487aa690302075c3caaf025739255dc17f74a4a
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: a237f8b9bbc300dcd1ea0dd7688ec23e.exe
- Resource: win7-en-20211104
Malware Config
- Extracted family: redline
- Botnet: bbtt1
- C2: 212.193.30.196:13040
Targets
- Target: a237f8b9bbc300dcd1ea0dd7688ec23e (426KB; MD5, SHA1, SHA256 and SHA512 identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.