General

Target: ccbc19ffcf38c76087d9cfdd21a1cf63ca30bc57a4614fa75d169197d0d7961f
Size: 318KB
Sample: 220531-axavbscefk
MD5: 20ab31454f1a0390e1c02e47afaa0969
SHA1: 94c95b73cb72f759aba6a67e10c6a392afc422ae
SHA256: ccbc19ffcf38c76087d9cfdd21a1cf63ca30bc57a4614fa75d169197d0d7961f
SHA512: 1aa46e8de3a8f8b943b17723fdd4f24d360efea93f7f9503154748b845bfdec4b326690458161ace1b989ff9faf0cc1c2bd7cb2359b8d8b23346767d46b376ec
Static task: static1
Behavioral task: behavioral1
Sample: ccbc19ffcf38c76087d9cfdd21a1cf63ca30bc57a4614fa75d169197d0d7961f.exe
Resource: win10-20220414-en
Malware Config

Extracted: redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets

Target: ccbc19ffcf38c76087d9cfdd21a1cf63ca30bc57a4614fa75d169197d0d7961f
Size: 318KB
MD5: 20ab31454f1a0390e1c02e47afaa0969
SHA1: 94c95b73cb72f759aba6a67e10c6a392afc422ae
SHA256: ccbc19ffcf38c76087d9cfdd21a1cf63ca30bc57a4614fa75d169197d0d7961f
SHA512: 1aa46e8de3a8f8b943b17723fdd4f24d360efea93f7f9503154748b845bfdec4b326690458161ace1b989ff9faf0cc1c2bd7cb2359b8d8b23346767d46b376ec
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.