General
- Target: Offscum.exe
- Size: 384KB
- Sample: 220522-gbt5eabedm
- MD5: f825accdbb1a8a19a89c2222866edcdd
- SHA1: b684f64d648ef96328c40317187c5b77a9bd7731
- SHA256: ade8d7f178b2be67a5b7254cd7db3db9541c8ab16c493a2f33aa0fe4f303a9b2
- SHA512: 84c3b95cea47cefbbc285ff8a216c46300dc1353032095439110c0a06eaac60a5bb45b93ec9ccd5501d70fb73583f225251e77443f5abf9e1030711831e943e3
Static task: static1
Behavioral task: behavioral1
- Sample: Offscum.exe
- Resource: win7-20220414-en
Malware Config
Extracted family: redline
- Botnet: test1
- C2: 185.215.113.75:80
- auth_value: 7ab4a4e2eae9eb7ae10f64f68df53bb3
Targets
- Target: Offscum.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.