General
Target: cea9b711a775c70613df7ec96bdd46d4fb2b062416271c3054cc0ced17ba8162
Size: 415KB
Sample: 220530-nk8gqaccbr
MD5: b267b30f804c72cbed04ee8641b934a8
SHA1: 53b4a0b3e4a6aa4f1697193d5b04c0672c96ce3b
SHA256: cea9b711a775c70613df7ec96bdd46d4fb2b062416271c3054cc0ced17ba8162
SHA512: 971a7a1fc4d8f60f0736ea744e64391ee2995d40108e992fcd324ad128d3c9fd8a62f3bbb793ef9664fa0997957410872ca414ffbcb78ec0cd2202cdeb9b4006

Static task: static1
Behavioral task: behavioral1
Sample: cea9b711a775c70613df7ec96bdd46d4fb2b062416271c3054cc0ced17ba8162.exe
Resource: win10-20220414-en

Malware Config
Extracted: redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6

Targets
Target: cea9b711a775c70613df7ec96bdd46d4fb2b062416271c3054cc0ced17ba8162
Size: 415KB
MD5: b267b30f804c72cbed04ee8641b934a8
SHA1: 53b4a0b3e4a6aa4f1697193d5b04c0672c96ce3b
SHA256: cea9b711a775c70613df7ec96bdd46d4fb2b062416271c3054cc0ced17ba8162
SHA512: 971a7a1fc4d8f60f0736ea744e64391ee2995d40108e992fcd324ad128d3c9fd8a62f3bbb793ef9664fa0997957410872ca414ffbcb78ec0cd2202cdeb9b4006

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.