General
- Target: bf6f2c20c98eed6206fd2346a96a9b7da30ff792568147c1cf00d77d41cf05cf
- Size: 394KB
- Sample: 220601-q8m7sshag2
- MD5: aa9af5418ac34bfd7359e19328a81049
- SHA1: 792bd49b7531c5763ba91cc35b023492658a39c0
- SHA256: bf6f2c20c98eed6206fd2346a96a9b7da30ff792568147c1cf00d77d41cf05cf
- SHA512: 031518ecd7d480852216f9f6c40137f6377a2eaba4a1b716d7df41caf399ee30e7d9c23cd140636ce771041f9686afa436003b0d01b6424a9d10fe39d9dbef7f
Static task: static1
Behavioral task: behavioral1
- Sample: bf6f2c20c98eed6206fd2346a96a9b7da30ff792568147c1cf00d77d41cf05cf.exe
- Resource: win10-20220414-en
Malware Config
Extracted
- redline
- RuzkiUNIKALNO
- 193.233.48.58:38989
- auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
- Target: bf6f2c20c98eed6206fd2346a96a9b7da30ff792568147c1cf00d77d41cf05cf
- Size: 394KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.