General
Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
Size: 265KB
Sample: 220627-l3eagscbf4
MD5: 3a39dcc270927c538e938392647361e0
SHA1: 3b899a4ebe389c4b8869f0da2ba453891bcf0aa1
SHA256: 992c2b847ed1433de2ba4b8b93345744543a8020466b7c16327f6d82f42ccbc4
SHA512: 2467a8ca4bdeeb9694e83b98bdc37a7e9cb0a9182d7e6678548ebb56edc8b57b04606438090f5d146303661b607378c6a6f6e753afadfbe77d90439491767d81
Static task: static1
Behavioral task: behavioral1
Sample: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe
Resource: win7-20220414-en
Malware Config
Extracted: redline
Botnet: RUZKI
C2: 193.106.191.246:23196
auth_value: 121027c094f768a0a0e9b562f6417952
Targets
Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
Size: 388KB
MD5: a48892ca959b74c4eb8ff7bad785f882
SHA1: 7f173ee59e9408be747bb6463e2b6b09fc8176fc
SHA256: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
SHA512: 0ec6825f210fe302429b9a6246f520423473df288ef4e60ea00103c04ac237a0991c86d18c98820fc46061f884dd65c796c00922260cdc73fb8a5f39df5ac001
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
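The report gives two things a defender can act on directly: the extracted C2 endpoint (193.106.191.246:23196) in the Malware Config section, and the Uninstall-key enumeration behaviour described above. The following is an added example (not part of the sandbox report, and not RedLine's own code) that turns both into matching logic over host telemetry. The telemetry lines are constructed for the example and are not taken from the sandbox run; the assumed sources are Sysmon process-create (EventID 1) and network-connect (EventID 3) events plus Windows Security 4663 object-access events. That last choice matters: Sysmon's registry events (12/13/14) only record key creation, deletion and value writes, so a stealer reading the Uninstall list does not show up there; 4663 does cover reads, but only if the Audit Registry subcategory is enabled and an audit SACL has been placed on the Uninstall key.

```python
"""Match host telemetry against the indicators in this RedLine sandbox report.

Added example; not part of the report and not RedLine's own code. The C2
address and sample hash are copied from the report. The JSON-lines telemetry
below is constructed for illustration. Field names follow Sysmon (Image,
Hashes, DestinationIp, DestinationPort) and Security 4663 (ProcessName,
ObjectType, ObjectName).
"""
import json
import re
from dataclasses import dataclass

# Indicators copied from the report's Malware Config and Targets sections.
C2_IP = "193.106.191.246"
C2_PORT = 23196
SAMPLE_SHA256 = "327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129"

# Installed-software inventory key the "Checks installed software" signature
# refers to. Accepts the HKLM\... and \REGISTRY\MACHINE\... spellings and the
# WOW6432Node view that holds 32-bit software on 64-bit Windows.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    re.IGNORECASE,
)

# One touch of a single Uninstall subkey is routine (installers, WMI, inventory
# agents); a stealer walks the whole list, so require several distinct subkeys
# from the same process before alerting. Threshold is an assumption.
UNINSTALL_ENUM_THRESHOLD = 3


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    detail: str


def parse_jsonl(text):
    """Parse JSON-lines telemetry; blank lines are skipped, malformed lines raise."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return events


def match_events(events):
    """Return Findings for the report's hash, C2 endpoint and registry behaviour."""
    findings = []
    uninstall_keys_by_process = {}

    for ev in events:
        eid = ev.get("EventID")
        if eid == 1:
            # Sysmon process create: Hashes looks like "MD5=...,SHA256=..." (case varies).
            m = re.search(r"SHA256=([0-9a-fA-F]{64})", ev.get("Hashes", ""))
            if m and m.group(1).lower() == SAMPLE_SHA256:
                findings.append(Finding("known_sample_hash", ev.get("Image", ""), SAMPLE_SHA256))
        elif eid == 3 and ev.get("DestinationIp") == C2_IP:
            # Any contact with the extracted C2 IP is worth a finding; the
            # extracted port makes it a high-confidence RedLine check-in.
            port = str(ev.get("DestinationPort", ""))
            rule = "redline_c2_connection" if port == str(C2_PORT) else "c2_ip_other_port"
            findings.append(Finding(rule, ev.get("Image", ""), f"{C2_IP}:{port}"))
        elif eid == 4663 and ev.get("ObjectType") == "Key":
            # Security object access on an audited registry key (read or write).
            target = ev.get("ObjectName", "")
            if UNINSTALL_KEY_RE.search(target):
                uninstall_keys_by_process.setdefault(ev.get("ProcessName", ""), set()).add(target)

    for process, keys in uninstall_keys_by_process.items():
        if len(keys) >= UNINSTALL_ENUM_THRESHOLD:
            findings.append(Finding("uninstall_key_enumeration", process, f"{len(keys)} subkeys read"))
    return findings


# Constructed telemetry (not from the sandbox run). Backslashes are JSON-escaped.
SAMPLE_TELEMETRY = r'''
{"EventID": 1, "Image": "C:\\Users\\user\\Desktop\\327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe", "Hashes": "MD5=A48892CA959B74C4EB8FF7BAD785F882,SHA256=327DF9EE5E64512B498D2EA577FA4CF89BDF1E74410B94C22B5F859BF9AD0129"}
{"EventID": 3, "Image": "C:\\Users\\user\\Desktop\\327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe", "DestinationIp": "193.106.191.246", "DestinationPort": 23196}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "193.106.191.246", "DestinationPort": 443}
{"EventID": 4663, "ProcessName": "C:\\Users\\user\\Desktop\\327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"EventID": 4663, "ProcessName": "C:\\Users\\user\\Desktop\\327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome"}
{"EventID": 4663, "ProcessName": "C:\\Users\\user\\Desktop\\327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"}
{"EventID": 4663, "ProcessName": "C:\\Windows\\System32\\msiexec.exe", "ObjectType": "Key", "ObjectName": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"}
'''

if __name__ == "__main__":
    for f in match_events(parse_jsonl(SAMPLE_TELEMETRY)):
        print(f"{f.rule:28} {f.detail:40} {f.process}")
```

Run against the constructed lines, the sample process produces three findings (known hash, C2 check-in on the extracted port, enumeration of three Uninstall subkeys), the svchost.exe connection to the same IP on 443 is reported separately as lower-confidence contact, and msiexec.exe touching a single Uninstall subkey produces nothing, which is the false-positive case the threshold is there to suppress.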