General

Target: 20f07e34a9d1298095bcd60403889d281e06cb3c96e1cd000a20bf059881aabd
Size: 420KB
Sample: 220530-fbav4adgg8
MD5: 889cc1529ad3c1e972dbcbf8d5350be0
SHA1: 29f23611b9544ff3eb7d0b50102ff668f2630f10
SHA256: 20f07e34a9d1298095bcd60403889d281e06cb3c96e1cd000a20bf059881aabd
SHA512: f157b1cde2c21664ec08bb70cebce7ced271cff533fdac202e2ce95de3c88398d11db3bfa6aa512bdc92610388e1d9a200a0e2d5173ffabd14eba125228cd228
Static task: static1
Behavioral task: behavioral1
Sample: 20f07e34a9d1298095bcd60403889d281e06cb3c96e1cd000a20bf059881aabd.exe
Resource: win10-20220414-en
Malware Config

Extracted
Family: redline
Botnet: RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets

Target: 20f07e34a9d1298095bcd60403889d281e06cb3c96e1cd000a20bf059881aabd (420KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.