General
Target: 0683d97ef2bdf0cc83c6a5d85df862d5aad0e8a3036a0d4783d77ebe9c94e168
Size: 319KB
Sample: 220531-g4gpsacehq
MD5: 67819abcf2818052e581155335138922
SHA1: cc111fa23010a3fd049a8e8e9e0dedb96df3f1d7
SHA256: 0683d97ef2bdf0cc83c6a5d85df862d5aad0e8a3036a0d4783d77ebe9c94e168
SHA512: af99f707cc6ede066c846628298c2f449de3557dadf8e3167185678c24568366126757c182b437bfaad366f70ec7db777e41ea329171498f66903eca45890c44
Static task: static1
Behavioral task: behavioral1
Sample: 0683d97ef2bdf0cc83c6a5d85df862d5aad0e8a3036a0d4783d77ebe9c94e168.exe
Resource: win10-20220414-en
Malware Config
Extracted: redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
Target: 0683d97ef2bdf0cc83c6a5d85df862d5aad0e8a3036a0d4783d77ebe9c94e168
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.