General
Target: 5dbc85fccaad82c3ec9ca4b8caf2e955a144ea436ebaec2351d0600af1e79d06
Size: 415KB
Sample: 220530-tcjfhsagc9
MD5: a3508757c57ad9349c0861ac15381875
SHA1: 24ec0a0bfd7de35076f86c0238b009517fd18009
SHA256: 5dbc85fccaad82c3ec9ca4b8caf2e955a144ea436ebaec2351d0600af1e79d06
SHA512: a37bfc701c32e3090a85e8b3164ff77bc04eb1d030a29a6b4b633c0cfc62b85168bb060434b548225827ec4bab85f817023bbf6d92598563c811301b0af3414d
Static task: static1
Behavioral task: behavioral1
Sample: 5dbc85fccaad82c3ec9ca4b8caf2e955a144ea436ebaec2351d0600af1e79d06.exe
Resource: win10-20220414-en
Malware Config
Extracted (redline)
Botnet: RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.