General
Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
Size: 243KB
Sample: 220211-wl1r9sdad8
MD5: 13d632ccdb78d1a8722883a1b89dd7e0
SHA1: b89a2737a1394e894285ed55d61035970a4f0cce
SHA256: 2da1df1d937dc7f605e62a93933854bfda703cffc8ec7ed7614886bdb8291e97
SHA512: 84fdc49d993a1ed9593833682c90b2d0e54301764766fc86d20436668121ce594cd2fca2d58cfc518ebb9f3370fea69ecd718bcb9af5857fd20ec9de75be58b0
Static task: static1
Behavioral task: behavioral1
Sample: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d.exe
Resource: win7-en-20211208
Malware Config
Extracted: redline
ruzkiKAKOYTO
185.215.113.29:20819
auth_value: 44e87155dd7a4d1957a956ed040ff3fd
Targets
Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
Size: 375KB
MD5: 32816da2c4b57793f943d58058d9abec
SHA1: 2b7ec6b605cabf7c1156abb99640d30c6567203d
SHA256: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
SHA512: 634bf6e5350d5b041b093fb49c330533c0ebb42105bc386b941ab7e3c619122418b905410a660517a99e12574c78f8ddf4b5bf1f21b73233678cda0842ff94bf
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Suspicious use of NtCreateProcessExOtherParentProcess
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.