General
Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
Size: 243KB
Sample: 220212-13skfadbg8
MD5: 502b319744b6ca9e43eb167c9fe49e1c
SHA1: 96c349a468f46af5bbb8828f9246a5d1730d7356
SHA256: c7fe331010b01ad45435a647a2658990e67a1d44c88be75e19d2c0945ad8fffe
SHA512: 20df8321f1acd0a8e1efb1de13d29dad54960df798d158e336a839dd9b42fb24e8388979b1180988fb9127862611a6a290c645df54982275fa023f52aefffafe

Static task: static1
Behavioral task: behavioral1
Sample: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d.exe
Resource: win7-en-20211208

Malware Config
Extracted
redline
ruzkiKAKOYTO
185.215.113.29:20819
auth_value: 44e87155dd7a4d1957a956ed040ff3fd

Targets
Target: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
Size: 375KB
MD5: 32816da2c4b57793f943d58058d9abec
SHA1: 2b7ec6b605cabf7c1156abb99640d30c6567203d
SHA256: 8ac1ff8f3045a819c8bc2b7e6f11eef96117f8e11b81f97a1c5ac72cc807458d
SHA512: 634bf6e5350d5b041b093fb49c330533c0ebb42105bc386b941ab7e3c619122418b905410a660517a99e12574c78f8ddf4b5bf1f21b73233678cda0842ff94bf

Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.