General
Target: data64_4.exeoxyscbzt
Size: 404KB
Sample: 220525-1e5vvshcfk
MD5: edcec40fb5ee7f18b37a64b2263b755a
SHA1: cf7eb0b13ced52cb8b012e13a5d1cba9bf8bd48b
SHA256: f7c781616e39d720a321fe772fd3c5963d9b76f4d77cbb863a447b128bab829e
SHA512: a638edd29b75fc257bfa370839c36cf2f38dd93898d5f5e5ffd5811ed420cbce1b255f513338371c6aa64dbb5b7f51201858ddbafb56be8b961723c9c10b1bff
Static task: static1
Behavioral task: behavioral1
Sample: data64_4.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
Lyla2
185.215.113.201:21921
auth_value: f3b96059847b054b3939cadefd4424ee
Targets
Target: data64_4.exeoxyscbzt
Size: 404KB
MD5: edcec40fb5ee7f18b37a64b2263b755a
SHA1: cf7eb0b13ced52cb8b012e13a5d1cba9bf8bd48b
SHA256: f7c781616e39d720a321fe772fd3c5963d9b76f4d77cbb863a447b128bab829e
SHA512: a638edd29b75fc257bfa370839c36cf2f38dd93898d5f5e5ffd5811ed420cbce1b255f513338371c6aa64dbb5b7f51201858ddbafb56be8b961723c9c10b1bff

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.