General

Target: 0x0008000000013a8b-71.dat
Size: 102KB
Sample: 220324-zkb93aahen
MD5: 45ed3071803b83c772409ca27d59b450
SHA1: d5c8365847583db6ea84b09a4877d6e4b8d11a4a
SHA256: 9b47990bfd7bd783dadfd534c4ba4f2d67c8044b39f24cf62ff2d96c9f78b88c
SHA512: c09c39bffc40c1521609190004ecae9191e9ab4d10c214c2f6ee42f9575e681f753fc12cb550688287f840c228fccd8ba56d7eebd4b2c845031c2cc060c03553
Static task: static1

Behavioral task: behavioral1
Sample: 0x0008000000013a8b-71.exe
Resource: win7-20220310-en

Behavioral task: behavioral2
Sample: 0x0008000000013a8b-71.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted family: redline
Botnet ID: 1137502411
C2: 193.232.179.34:20856
auth_value: bf80dce2076c6f3cb9ed05b510f4060e
Targets

Target: 0x0008000000013a8b-71.dat
Size: 102KB
MD5: 45ed3071803b83c772409ca27d59b450
SHA1: d5c8365847583db6ea84b09a4877d6e4b8d11a4a
SHA256: 9b47990bfd7bd783dadfd534c4ba4f2d67c8044b39f24cf62ff2d96c9f78b88c
SHA512: c09c39bffc40c1521609190004ecae9191e9ab4d10c214c2f6ee42f9575e681f753fc12cb550688287f840c228fccd8ba56d7eebd4b2c845031c2cc060c03553

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.