General
- Target: 0cef60ef6fee1b06111eddb2222720b2b7ee7f01f1b4319dfbc620e1db491fa6
- Size: 420KB
- Sample: 220530-cjjlesebcn
- MD5: 05d6f6f2b2d69b6c5607a8f6a0187ee6
- SHA1: 633b4d6759a3cb6c378bdeedacf4bb3ab74b8936
- SHA256: 0cef60ef6fee1b06111eddb2222720b2b7ee7f01f1b4319dfbc620e1db491fa6
- SHA512: 844b824d5b59b527aa6b713eaeb5b6925f93c8f518b9cd81f8fdb119c6143bf262368b34af0db9f6eef999bf5237bfca48b7f98941e5ae1f6472a4cf3b4f3794
Static task: static1
Behavioral task: behavioral1
- Sample: 0cef60ef6fee1b06111eddb2222720b2b7ee7f01f1b4319dfbc620e1db491fa6.exe
- Resource: win10-20220414-en
Malware Config
Extracted: redline
- RuzkiUNIKALNO
- 193.233.48.58:38989
- auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
- Target: 0cef60ef6fee1b06111eddb2222720b2b7ee7f01f1b4319dfbc620e1db491fa6
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.