General
-
Target
0x0007000000021e83-163.dat
-
Size
107KB
-
Sample
220315-r61ksabbhq
-
MD5
00e43a3bfd4f821d13329209ab4875e7
-
SHA1
3a6648e1f23684d2ffe2e5af683761c184537a1e
-
SHA256
354a014aac7be2159294631afdc5a0683edd91ec8b7c9b34d3548b2227a047f2
-
SHA512
2c018312976ce2d0b5e5cf12b5e5daa3773507042fceab0ab4a88f38db53cc3a99063cc6455412cd93b308a2fcdd6b777f0c56c8b1b1686bab942464867a4c62
Behavioral task
behavioral1
Sample
0x0007000000021e83-163.exe
Resource
win7-20220311-en
Malware Config
Extracted
redline
da da
86.107.197.196:63065
-
auth_value
9b1654b30797c210c85bd0890936a5b9
Targets
-
-
Target
0x0007000000021e83-163.dat
-
Size
107KB
-
MD5
00e43a3bfd4f821d13329209ab4875e7
-
SHA1
3a6648e1f23684d2ffe2e5af683761c184537a1e
-
SHA256
354a014aac7be2159294631afdc5a0683edd91ec8b7c9b34d3548b2227a047f2
-
SHA512
2c018312976ce2d0b5e5cf12b5e5daa3773507042fceab0ab4a88f38db53cc3a99063cc6455412cd93b308a2fcdd6b777f0c56c8b1b1686bab942464867a4c62
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-