General
Target: dba1495e97de30ef46a3c2c3bb64732e.exe
Size: 401KB
Sample: 211219-fry8maggfl
MD5: dba1495e97de30ef46a3c2c3bb64732e
SHA1: 4b6e27cb729dff01c101056170991c3c5b3bfc90
SHA256: 3382a19cfeb458ea2619cbdb3f9d55af8ef648b732a90588a942341c33d51b15
SHA512: 8ca1d132873e627f6d95f7bab698c3f7b81f192edac1b7653d7c9638c52dd531915e85905643247377b9eee048c3c24511d33442347932df4b6a4e4821eff05d
Static task: static1
Behavioral task: behavioral1 (sample dba1495e97de30ef46a3c2c3bb64732e.exe, resource win7-en-20211208)
Malware Config (extracted)
Family: redline
ID: 170
C2: 45.9.20.240:46257
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.