General

Target: f749f73e9013428ee973ef8885eadc653fc66f8e94e0f59f90e3065e9272fcc4
Size: 317KB
Sample: 220531-pp9e9abbe3
MD5: 97954dfdaadcfaecd653e5d037ab4c48
SHA1: 9551ee8ddcade452861a98b66fb22de8d860715c
SHA256: f749f73e9013428ee973ef8885eadc653fc66f8e94e0f59f90e3065e9272fcc4
SHA512: c2a7d6e0023a3cb2954c467f10b5eb63cf9fe071f9e1e6726e78acfabe2fd66197fc97c2fa05c5704615935a38dca0f6ff057126b4b43ecbc27177653dda1314

Static task: static1
Behavioral task: behavioral1
Sample: f749f73e9013428ee973ef8885eadc653fc66f8e94e0f59f90e3065e9272fcc4.exe
Resource: win10-20220414-en

Malware Config

Extracted family: redline
Botnet (campaign ID): RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6

Targets

Target: f749f73e9013428ee973ef8885eadc653fc66f8e94e0f59f90e3065e9272fcc4 (317KB; the same sample and MD5/SHA1/SHA256/SHA512 values listed under General)

RedLine

RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet files and system information, and reports to a hard-coded C2 such as the 193.233.48.58:38989 address extracted above.

Signatures

- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate installed software. Installers and inventory agents read the same key, so on its own this is a weak indicator; it is the combination with wallet-file access that is characteristic of a stealer.
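The two behavioural signatures above (wallet-file access and Uninstall-key enumeration) can be hunted for on a host from process-monitor output. The following is an added example for this page, not Triage's own signature logic: it parses Procmon-style CSV rows, aggregates per-process evidence and scores it. The event rows are constructed (only PID 4120 stands in for this sample, the other process names are invented), the wallet path markers are typical stealer targets rather than anything this report lists, and ALLOWLIST holds assumed names of legitimate enumerators.

```python
"""Hunt for RedLine-style behaviour in Procmon events: enumeration of the
Uninstall registry key plus probing of cryptocurrency wallet files.

Added example for the report page, not Triage's detection code.  Assumed:
the rows are constructed, WALLET_MARKERS are typical stealer targets, and
ALLOWLIST names processes that legitimately read the Uninstall key.
"""
import csv
import io
import re
from dataclasses import dataclass, field

SAMPLE_EXE = "f749f73e9013428ee973ef8885eadc653fc66f8e94e0f59f90e3065e9272fcc4.exe"
UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UNINST32 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
ROAMING = r"C:\Users\user\AppData\Roaming"
HEADER = ["Process Name", "PID", "Operation", "Path", "Result"]  # subset of Procmon's CSV columns

# Constructed events. PID 4120 plays the sample; 812, 2260 and 1000 are invented controls.
SAMPLE_ROWS = [
    (SAMPLE_EXE, 4120, "RegOpenKey", UNINST, "SUCCESS"),
    (SAMPLE_EXE, 4120, "RegEnumKey", UNINST, "SUCCESS"),
    (SAMPLE_EXE, 4120, "RegQueryValue", UNINST + r"\7-Zip\DisplayName", "SUCCESS"),
    (SAMPLE_EXE, 4120, "RegQueryValue", UNINST + r"\Google Chrome\DisplayName", "SUCCESS"),
    (SAMPLE_EXE, 4120, "RegQueryValue", UNINST32 + r"\Notepad++\DisplayName", "SUCCESS"),
    (SAMPLE_EXE, 4120, "RegQueryValue", UNINST32 + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayName", "SUCCESS"),
    # A stealer probes for wallets that may not exist: the failed open is itself the tell.
    (SAMPLE_EXE, 4120, "CreateFile", ROAMING + r"\Exodus\exodus.wallet\seed.seco", "NAME NOT FOUND"),
    (SAMPLE_EXE, 4120, "CreateFile", ROAMING + r"\Electrum\wallets\default_wallet", "SUCCESS"),
    ("msiexec.exe", 812, "RegQueryValue", UNINST + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\DisplayVersion", "SUCCESS"),
    ("InventoryAgent.exe", 2260, "RegQueryValue", UNINST + r"\7-Zip\DisplayName", "SUCCESS"),
    ("InventoryAgent.exe", 2260, "RegQueryValue", UNINST + r"\Google Chrome\DisplayName", "SUCCESS"),
    ("InventoryAgent.exe", 2260, "RegQueryValue", UNINST + r"\Notepad++\DisplayName", "SUCCESS"),
    ("explorer.exe", 1000, "RegQueryValue", r"HKCU\SOFTWARE\Classes\.txt\(Default)", "SUCCESS"),
]


def to_csv(rows):
    """Serialise rows the way a Procmon CSV export (reduced to HEADER) looks."""
    buf = io.StringIO()
    w = csv.writer(buf, quoting=csv.QUOTE_ALL)
    w.writerow(HEADER)
    w.writerows(rows)
    return buf.getvalue()


# Uninstall key under HKLM/HKCU/HKU, with or without WOW6432Node; group 1 is the product subkey.
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\([^\\]+))?",
    re.IGNORECASE,
)
# Lower-cased path fragments of wallet stores stealers commonly look for (assumption).
WALLET_MARKERS = (r"\exodus\exodus.wallet", r"\electrum\wallets", r"\ethereum\keystore", r"\atomic\local storage\leveldb")
# Processes expected to read the Uninstall key (assumption; add your own inventory agent here).
ALLOWLIST = {"msiexec.exe", "wmiprvse.exe"}
FILE_OPS = {"CreateFile", "ReadFile", "QueryDirectory"}


@dataclass
class Finding:
    process: str
    pid: int
    uninstall_subkeys: set = field(default_factory=set)
    wallet_paths: list = field(default_factory=list)


def profile(csv_text):
    """Aggregate per-PID evidence from Procmon CSV text."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        pid = int(row["PID"])
        f = findings.setdefault(pid, Finding(row["Process Name"], pid))
        op, path = row["Operation"], row["Path"]
        if op.startswith("Reg"):
            m = UNINSTALL_RE.match(path)
            if m and m.group(1):
                f.uninstall_subkeys.add(m.group(1))
        elif op in FILE_OPS and any(mk in path.lower() for mk in WALLET_MARKERS):
            f.wallet_paths.append(path)  # recorded regardless of Result: NAME NOT FOUND counts too
    return findings


def verdicts(findings, min_subkeys=3):
    """Map PID -> (process, severity, reasons); enumeration alone is only a low-severity hit."""
    out = {}
    for pid, f in findings.items():
        reasons = []
        if len(f.uninstall_subkeys) >= min_subkeys and f.process.lower() not in ALLOWLIST:
            reasons.append("software_enumeration")
        if f.wallet_paths:
            reasons.append("wallet_access")
        if reasons:
            out[pid] = (f.process, "high" if len(reasons) == 2 else "low", reasons)
    return out


if __name__ == "__main__":
    for pid, (proc, sev, why) in verdicts(profile(to_csv(SAMPLE_ROWS))).items():
        print(f"{sev:4} pid={pid} {proc}: {', '.join(why)}")
```

On real data, export Procmon's log with File > Save as CSV and feed the text to profile(). Sysmon is not a substitute here: its registry events cover key create/delete and value set, not reads or enumeration, so a RegEnumKey on the Uninstall key only shows up in Procmon, ETW registry tracing, or Security event 4663 with object-access auditing enabled on the key.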