General
Target: d3436b8c9a09312555000dad24dcd7f3eb9bdc3d4bdcea3a835e624d352ce084
Size: 319KB
Sample: 220531-dekhlabhh3
MD5: 5dfe15399c0959f6133ef3e415f4e9bf
SHA1: ab023c97c21a8862e634bdddfc363a776f97c11b
SHA256: d3436b8c9a09312555000dad24dcd7f3eb9bdc3d4bdcea3a835e624d352ce084
SHA512: e8d5e50f480334ab83534f692ba4e39cdd902a8ea2e4b2abf55682267c7cd8cc628fb0f760068a9bb893e9ca8c99a9bedbbd293b0676920efe6f0d2778a9c9a8
Static task: static1
Behavioral task: behavioral1
Sample: d3436b8c9a09312555000dad24dcd7f3eb9bdc3d4bdcea3a835e624d352ce084.exe
Resource: win10-20220414-en
Malware Config
Extracted
Family: redline
Botnet: RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
Target: d3436b8c9a09312555000dad24dcd7f3eb9bdc3d4bdcea3a835e624d352ce084
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.