General
-
Target
e0535dd44a0184ef401172dab1e0883883203a609c8f7f4f538172bc64eaf254
-
Size
318KB
-
Sample
220531-tmm7fsbfh7
-
MD5
fdb18ec08eb5ccc65b8bba083c682e08
-
SHA1
0e036a7837f018c057f2900b41be8990f9ca7dd3
-
SHA256
e0535dd44a0184ef401172dab1e0883883203a609c8f7f4f538172bc64eaf254
-
SHA512
8bcd94d2580ee48ee20dca383bb1be1f2bfd5586809cf2a3c308af07ca7ff52bf4545e7f7a7075fe1a1c617e86a6639c1545d494b037581d38a3cd3081809367
Static task
static1
Behavioral task
behavioral1
Sample
e0535dd44a0184ef401172dab1e0883883203a609c8f7f4f538172bc64eaf254.exe
Resource
win10-20220414-en
Malware Config
Extracted
redline
RuzkiUNIKALNO
193.233.48.58:38989
-
auth_value
c504b04cfbdd4bf85ce6195bcb37fba6
Targets
-
-
Target
e0535dd44a0184ef401172dab1e0883883203a609c8f7f4f538172bc64eaf254
-
Size
318KB
-
MD5
fdb18ec08eb5ccc65b8bba083c682e08
-
SHA1
0e036a7837f018c057f2900b41be8990f9ca7dd3
-
SHA256
e0535dd44a0184ef401172dab1e0883883203a609c8f7f4f538172bc64eaf254
-
SHA512
8bcd94d2580ee48ee20dca383bb1be1f2bfd5586809cf2a3c308af07ca7ff52bf4545e7f7a7075fe1a1c617e86a6639c1545d494b037581d38a3cd3081809367
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-