General
- Target: ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
- Size: 243KB
- Sample: 220211-ttpzmaeeaq
- MD5: de80cf06bb2000d818d0b3aae0d94d58
- SHA1: 8ba8587634c3853434fc62c21b9ba78f83bdec5c
- SHA256: ef79f6db1bdf3bf268d3b07980172db180b2e13df412f58e7fb08af76790d761
- SHA512: 5c680d1e788e66ca6566dd6ffce06b1522b81c98a9f142d6503394239fa746f6a4aa494f1092dddd22f64efa199dbdbb098e479f7e65e3969928188670b605bc

Static task: static1

Behavioral task: behavioral1
- Sample: ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9.exe
- Resource: win7-en-20211208

Malware Config
Extracted
- redline
- ruzkiKAKOYTO
- 185.215.113.29:20819
- auth_value: 44e87155dd7a4d1957a956ed040ff3fd

Targets
- Target: ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
- Size: 375KB
- MD5: fdd592dd8e14f4ca67384cd84c8052c8
- SHA1: b48c85bb98ef4db20e7715f90dfc6792ba88751e
- SHA256: ef1d1425ad6d940b12e5e8a5afdce81bfb802bf5cac2a824673dd8ac6ad3d3f9
- SHA512: 8f7e5f4c9ad0f180512d19f2e944d2e0b9f05a50574bf711c75669f4cd10fbafb2a842c321e99200fd61c7c78607bcc9a779ac7e49dc8dc3bee491ca38d1289e
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.