General
Target: 18e84be74bb7a59925ef278a47ef34cfe223fabce832b72f54f93a4f9ca1e616
Size: 393KB
Sample: 220601-tmr6eadeen
MD5: 4dd3360cbf2bb0d931af47912017b63a
SHA1: 9bf3310af51192a42208217556e3b5f000f55be1
SHA256: 18e84be74bb7a59925ef278a47ef34cfe223fabce832b72f54f93a4f9ca1e616
SHA512: 8e365727fb2fe582a22acd7c248187407a2847bdcbcef249b4e4e5d9a304bf86b47cb3cd8f94c47efb34d8d2a360a308658fb7a1303262eea2784c68b200fefa
Static task: static1
Behavioral task: behavioral1
Sample: 18e84be74bb7a59925ef278a47ef34cfe223fabce832b72f54f93a4f9ca1e616.exe
Resource: win10-20220414-en
Malware Config (extracted)
redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.