General
- Target: 171efb4d29b97264622b1d93c5d7a4719e35e4f94ad1106a68c3ebb48c67bfb2
- Size: 320KB
- Sample: 220602-wntfzaheh4
- MD5: f1af43abc1e5d7ad1d3dcad04fc7fff0
- SHA1: 4a862f4a26af9a9bc3d5a7e1aab67145c343bd08
- SHA256: 171efb4d29b97264622b1d93c5d7a4719e35e4f94ad1106a68c3ebb48c67bfb2
- SHA512: 8c9fa4bf2df3919561c992c802d158a974ab6cc004c863520f40a0b938b62755794a25613fc634feb30993f578b1bd297040b210e5e8a56a1be787da58fcaf44

Static task
- static1

Behavioral task
- behavioral1
- Sample: 171efb4d29b97264622b1d93c5d7a4719e35e4f94ad1106a68c3ebb48c67bfb2.exe
- Resource: win10-20220414-en

Malware Config
Extracted
- redline
- RuzkiUNIKALNO
- 193.233.48.58:38989
- auth_value: c504b04cfbdd4bf85ce6195bcb37fba6

Targets
- Target: 171efb4d29b97264622b1d93c5d7a4719e35e4f94ad1106a68c3ebb48c67bfb2
- Size: 320KB
- MD5: f1af43abc1e5d7ad1d3dcad04fc7fff0
- SHA1: 4a862f4a26af9a9bc3d5a7e1aab67145c343bd08
- SHA256: 171efb4d29b97264622b1d93c5d7a4719e35e4f94ad1106a68c3ebb48c67bfb2
- SHA512: 8c9fa4bf2df3919561c992c802d158a974ab6cc004c863520f40a0b938b62755794a25613fc634feb30993f578b1bd297040b210e5e8a56a1be787da58fcaf44

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.