General

Target: d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3
Size: 390KB
Sample: 220601-j98rkabafl
MD5: e153925553c1b5e6fc2b582086d2e620
SHA1: 87c9c57648b77d5bc1c675a11cb52795a99daf88
SHA256: d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3
SHA512: 4d0a01876bcbab30e9cc7fa6cd613a9b8f8f7d0a8ae17b8486892c1645c17d0b675201fda7bd296c1dcf52c9f2939f41794112ea8b53d49f68b8e90b87f5713f

Static task: static1
Behavioral task: behavioral1
Sample: d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3.exe
Resource: win10-20220414-en
Malware Config

Extracted family: redline
Botnet ID: RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
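The indicators above (the sample's hashes and the extracted C2 endpoint) turned into a small offline triage check, as an added example that is not part of the sandbox report. The Zeek-style conn.log excerpt, its column layout and the timestamps are constructed for illustration, and the "medium" confidence given to flows that reach the C2 host on a different port is this example's own heuristic, not a rule from the report.

```python
"""Match file hashes and network flows against the indicators in this
RedLine report. Only the hashes and the C2 (193.233.48.58:38989) are real;
the conn.log excerpt below is constructed for the example."""
import hashlib

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "e153925553c1b5e6fc2b582086d2e620",
    "sha1": "87c9c57648b77d5bc1c675a11cb52795a99daf88",
    "sha256": "d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3",
}
C2_HOST = "193.233.48.58"
C2_PORT = 38989

# Constructed Zeek-style conn.log excerpt: tab separated, header row first.
SAMPLE_CONN_LOG = """\
ts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1654070401.10\t10.0.0.15\t49712\t193.233.48.58\t38989\ttcp
1654070402.55\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp
1654070410.02\t10.0.0.22\t51002\t193.233.48.58\t443\ttcp
1654070415.77\t10.0.0.15\t49720\t193.233.48.58\t38989\ttcp
"""


def hashes_of(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, hex encoded."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(data: bytes) -> set:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    digests = hashes_of(data)
    return {alg for alg, value in SAMPLE_HASHES.items() if digests[alg] == value}


def parse_conn_log(text: str) -> list:
    """Parse the TSV excerpt into one dict per flow, keyed by the header fields."""
    rows = [line for line in text.splitlines() if line and not line.startswith("#")]
    header = rows[0].split("\t")
    return [dict(zip(header, row.split("\t"))) for row in rows[1:]]


def find_c2_flows(text: str) -> list:
    """Return (ts, source host, confidence) for every flow to the C2 host.

    Host and port both matching is 'high'. A flow to the same host on another
    port is reported as 'medium' (example heuristic): operators tend to move
    the listener port while keeping the address.
    """
    hits = []
    for rec in parse_conn_log(text):
        if rec["id.resp_h"] != C2_HOST:
            continue
        confidence = "high" if int(rec["id.resp_p"]) == C2_PORT else "medium"
        hits.append((rec["ts"], rec["id.orig_h"], confidence))
    return hits


if __name__ == "__main__":
    for hit in find_c2_flows(SAMPLE_CONN_LOG):
        print("C2 flow:", hit)
```

Run it against a real conn.log by passing the file's contents to `find_c2_flows`; feed `matching_hashes` the bytes of a suspect file to confirm it is this exact sample rather than a repacked sibling (a different packer changes every hash while the C2 usually stays the same, which is why the network match is the more durable indicator).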
Targets

Target: d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3
Size: 390KB
MD5: e153925553c1b5e6fc2b582086d2e620
SHA1: 87c9c57648b77d5bc1c675a11cb52795a99daf88
SHA256: d6e3b766e0afebd0767499795161d86a31741b09bd6f1b53ea89231c5a6f3ab3
SHA512: 4d0a01876bcbab30e9cc7fa6cd613a9b8f8f7d0a8ae17b8486892c1645c17d0b675201fda7bd296c1dcf52c9f2939f41794112ea8b53d49f68b8e90b87f5713f

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Enumerates the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, with a WOW6432Node counterpart on 64-bit Windows) to build a list of the software installed on the host. This is a read-only registry access: Sysmon's registry events cover key creation and deletion, value writes and renames, not reads, so the enumeration itself does not appear in Sysmon registry telemetry.