General
Target: ed1a38de4320e84a847ea1d06743a0d46801f655344c7fb2e7401187f3f9a8d4
Size: 393KB
Sample: 220601-srgpsshde7
MD5: c1f86b1bfd35b5700bd98ba219e14105
SHA1: fc4b710835ca89848e7a66ec9ebb67b46d75387d
SHA256: ed1a38de4320e84a847ea1d06743a0d46801f655344c7fb2e7401187f3f9a8d4
SHA512: 7330de534bbbc05fd532d583591d6165af487c79b54f90ac7fd319cafeacae949a663424b0dffb890dbfde0b5451b7c417cb09284da10c1f063fbb77c9e88935
Static task: static1
Behavioral task: behavioral1
Sample: ed1a38de4320e84a847ea1d06743a0d46801f655344c7fb2e7401187f3f9a8d4.exe
Resource: win10-20220414-en
Malware Config
Extracted: redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
Target: ed1a38de4320e84a847ea1d06743a0d46801f655344c7fb2e7401187f3f9a8d4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.