General
Target: db24bb7d33445281361940ba67d46ef21016907908c125c5ed2b21f55ec80e86
Size: 391KB
Sample: 220601-ln8wjsbdhp
MD5: d4c6fc847a68e1ae00b69669e427088f
SHA1: 1d49d6688e589b34dac53f543a53e3c4278f95cc
SHA256: db24bb7d33445281361940ba67d46ef21016907908c125c5ed2b21f55ec80e86
SHA512: 1a27f177913dcfb596dcdb5f644ee56dbec6b1d53683fd3589b3aab311f92982463aa6aaf8e089922866f5fd9afbb5612393ca4c3a280c03aeefd9ffa14057e7
Static task: static1
Behavioral task: behavioral1
Sample: db24bb7d33445281361940ba67d46ef21016907908c125c5ed2b21f55ec80e86.exe
Resource: win10-20220414-en
Malware Config
Extracted
redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
Target: db24bb7d33445281361940ba67d46ef21016907908c125c5ed2b21f55ec80e86
Size: 391KB
MD5: d4c6fc847a68e1ae00b69669e427088f
SHA1: 1d49d6688e589b34dac53f543a53e3c4278f95cc
SHA256: db24bb7d33445281361940ba67d46ef21016907908c125c5ed2b21f55ec80e86
SHA512: 1a27f177913dcfb596dcdb5f644ee56dbec6b1d53683fd3589b3aab311f92982463aa6aaf8e089922866f5fd9afbb5612393ca4c3a280c03aeefd9ffa14057e7

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.