General
Target: 3a339de235242061e8af92ed17d9838e.exe
Size: 4.1MB
Sample: 220510-sa1fkshce2
MD5: 3a339de235242061e8af92ed17d9838e
SHA1: 0a697ae927bb4167ae2fca4ebb38d9926843c4ea
SHA256: 8992d2265f134a8d823d152e745f2fce0c7a2b4fa05bdb6f52e880e03abc20e2
SHA512: 3ab0b8fb77a8916e418a08077165c2de1893b7a755042c08d7ba7b591837fc4b26172c19a6c81d9eb4c1bbebdd62097abf66f4105c40eb6e6d7ad3b88c71aee1
Static task: static1
Behavioral task: behavioral1
Sample: 3a339de235242061e8af92ed17d9838e.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
install
31.41.244.92:6188
auth_value: eb23a0ca5a38a3bf1eb16b2f08524f35
Targets
Target: 3a339de235242061e8af92ed17d9838e.exe
Size: 4.1MB
MD5: 3a339de235242061e8af92ed17d9838e
SHA1: 0a697ae927bb4167ae2fca4ebb38d9926843c4ea
SHA256: 8992d2265f134a8d823d152e745f2fce0c7a2b4fa05bdb6f52e880e03abc20e2
SHA512: 3ab0b8fb77a8916e418a08077165c2de1893b7a755042c08d7ba7b591837fc4b26172c19a6c81d9eb4c1bbebdd62097abf66f4105c40eb6e6d7ad3b88c71aee1
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.