General
Target: 1600-79-0x0000000000860000-0x0000000001084000-memory.dmp
Size: 8.1MB
Sample: 220328-2p6etaccel
MD5: 241e7da27ae2cc1e17a8d9fe53d2620a
SHA1: fa832ccd8058ff2444c4239679e9eb9b0bf29022
SHA256: eaa8491a34f287f983588eeb182cb91b753d24c4218f1a4c429c619441449635
SHA512: 06c43b61180c15be7252307aed202fbe0f4356651330b0455d1de315e163b7ed2ca633a26710d24e8935554445354c1e994eaf911c335e89ebc757ec44dd65db
Behavioral task
behavioral1
Sample: 1600-79-0x0000000000860000-0x0000000001084000-memory.exe
Resource: win7-20220311-en

Malware Config
Extracted
Family: redline
Botnet: 1877
C2: hawler.duckdns.org:56199
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.