General
Target: 88f736259960329eabf53f4fd82cfc051dc2a46f2d08b101522d864949852321
Size: 319KB
Sample: 220531-y7txyscfd3
MD5: 9ca4cf36f17d267ca2057bfcf634e728
SHA1: 8b89be5b32e84c0fcc1353c19b809af4bf29cf63
SHA256: 88f736259960329eabf53f4fd82cfc051dc2a46f2d08b101522d864949852321
SHA512: df4cf329f6a27e5a26c083e3a8f28483305168cd08d111d9ad106d008a706d35623966863d1d8f5ac3da4a9367d3590ef2653904fffd684e9ecdcc96270ac98c
Static task: static1
Behavioral task: behavioral1
Sample: 88f736259960329eabf53f4fd82cfc051dc2a46f2d08b101522d864949852321.exe
Resource: win10-20220414-en
Malware Config
Extracted
redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.