General
Target: 18086cc4cebf9eb9eaf8dc5ce9192a7f0a759c412d1b55935bfb0143bd60c55f
Size: 320KB
Sample: 220602-h8jklsheer
MD5: 32fa3e604f96ea96f001eb295bb238f0
SHA1: 0de695fb7c66f4daad4c2f34720fd25d365854b4
SHA256: 18086cc4cebf9eb9eaf8dc5ce9192a7f0a759c412d1b55935bfb0143bd60c55f
SHA512: f741403f4b609cb881396a369ae5dd87e468e05330f3e440859194c120903d1ae561271b40fde53649b5407c03bb5d5700bcb97b3e6924cce7688a57be677b16
Static task: static1
Behavioral task: behavioral1
Sample: 18086cc4cebf9eb9eaf8dc5ce9192a7f0a759c412d1b55935bfb0143bd60c55f.exe
Resource: win10-20220414-en
Malware Config
Extracted
redline
RuzkiUNIKALNO
193.233.48.58:38989
auth_value: c504b04cfbdd4bf85ce6195bcb37fba6
Targets
Target: 18086cc4cebf9eb9eaf8dc5ce9192a7f0a759c412d1b55935bfb0143bd60c55f
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.