General

Target: b3499b334d7a5e24a841a668073a72e4fb2ae095ee2e21d0988d66449d17aa37
Size: 394KB
Sample: 220601-wshv2aeedm
MD5: 9aea8cf743b4a3510a92f4085fe23e95
SHA1: 62889eec8c3bff812d3a94c30b5e43fd882c76fd
SHA256: b3499b334d7a5e24a841a668073a72e4fb2ae095ee2e21d0988d66449d17aa37
SHA512: 757a40db709d0563fe7481bbd928f0ef56d5618e2fc9954c16de660532640ebf3eeb0968a075748ca1fc996b43ea41eb5a92e39f4f3b56ef7e2a7b53e2f64573
Static task: static1
Behavioral task: behavioral1
Sample: b3499b334d7a5e24a841a668073a72e4fb2ae095ee2e21d0988d66449d17aa37.exe
Resource: win10-20220414-en
Malware Config

Extracted family: redline
Botnet ID: RuzkiUNIKALNO
C2: 193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
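The extracted configuration gives a defender one thing to act on immediately: the C2 socket. As an added example (editor's code, not part of this Triage report and not RedLine's own code), the script below parses that endpoint, scans connection records for contact with it, and emits a Suricata rule for it. The connection-log layout, the sample flows and the rule SID are assumptions; the family, botnet ID, C2 and auth_value are copied from the report above.

```python
"""Operationalise the RedLine config extracted by the sandbox: parse the C2
endpoint, scan connection records for it, and emit a Suricata rule.
Added example (editor's code, not from the Triage report or from RedLine)."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List

# Copied from the report's 'Malware Config' section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "RuzkiUNIKALNO",
    "c2": "193.233.48.58:38989",
    "auth_value": "c504b04cfbdd4bf85ce6195bcb37fba6",
}

# Constructed sample records (not real traffic) in an assumed minimal
# 'ts src_ip dst_ip dst_port proto' layout: two contacts with the C2 socket,
# two benign flows, and one flow to the C2 host on a different port.
SAMPLE_CONN_LOG = """\
1654041600.120 10.0.0.15 193.233.48.58 38989 tcp
1654041601.330 10.0.0.15 142.250.74.78 443 tcp
1654041602.010 10.0.0.22 193.233.48.58 80 tcp
1654041603.500 10.0.0.15 193.233.48.58 38989 tcp
1654041604.770 10.0.0.31 8.8.8.8 53 udp
"""


@dataclass(frozen=True)
class C2Endpoint:
    ip: ipaddress.IPv4Address
    port: int


@dataclass(frozen=True)
class ConnRecord:
    ts: float
    src: str
    dst: str
    dport: int
    proto: str


def parse_c2(c2: str) -> C2Endpoint:
    """Split the 'ip:port' string as extracted by the sandbox. IPv4Address()
    raises on a hostname, so an unexpected form is noticed rather than
    silently compared as text."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    return C2Endpoint(ipaddress.IPv4Address(host), int(port))


def parse_conn_log(text: str) -> List[ConnRecord]:
    """Parse the assumed whitespace-separated connection-log layout."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, proto = line.split()
        records.append(ConnRecord(float(ts), src, dst, int(dport), proto))
    return records


def scan_connections(records: Iterable[ConnRecord], c2: C2Endpoint,
                     ip_only: bool = False) -> List[ConnRecord]:
    """Return TCP records that reach the C2. By default both IP and port must
    match, since the extracted config names a single socket; ip_only=True
    widens the match to any port on the host, which catches port rotation
    but is noisier if the address is shared hosting."""
    hits = []
    for rec in records:
        if rec.proto != "tcp" or ipaddress.IPv4Address(rec.dst) != c2.ip:
            continue
        if ip_only or rec.dport == c2.port:
            hits.append(rec)
    return hits


def suricata_rule(c2: C2Endpoint, sid: int, botnet: str) -> str:
    """Alert on outbound TCP to the exact C2 socket. The sid is the
    operator's choice; local rules conventionally use 1000000 and above."""
    return (f'alert tcp $HOME_NET any -> {c2.ip} {c2.port} '
            f'(msg:"RedLine C2 contact ({botnet})"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    endpoint = parse_c2(REDLINE_CONFIG["c2"])
    for hit in scan_connections(parse_conn_log(SAMPLE_CONN_LOG), endpoint):
        print(f"C2 contact: {hit.src} -> {hit.dst}:{hit.dport} at {hit.ts}")
    print(suricata_rule(endpoint, 1000001, REDLINE_CONFIG["botnet"]))
```

The exact host:port match is deliberately narrow: RedLine operators rebuild with new C2 addresses often, so the extracted socket is a short-lived indicator and the IP-only mode is there for triage of recent history, not as a long-term block rule.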
Targets

Target: b3499b334d7a5e24a841a668073a72e4fb2ae095ee2e21d0988d66449d17aa37
Size: 394KB
MD5: 9aea8cf743b4a3510a92f4085fe23e95
SHA1: 62889eec8c3bff812d3a94c30b5e43fd882c76fd
SHA256: b3499b334d7a5e24a841a668073a72e4fb2ae095ee2e21d0988d66449d17aa37
SHA512: 757a40db709d0563fe7481bbd928f0ef56d5618e2fc9954c16de660532640ebf3eeb0968a075748ca1fc996b43ea41eb5a92e39f4f3b56ef7e2a7b53e2f64573
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.