General
- Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
- Size: 265KB
- Sample: 220627-l9ybyaadcp
- MD5: 28e51fdd016de373af65cc498a32e30a
- SHA1: 53ef43ece0141948dd0bbfbe85d1448c7593d34f
- SHA256: 51121e477bec3101b1dbc5bc45424e6a2394305e186f1eca953842c9d72305a8
- SHA512: 63d04556331d1df4cb3fd178ab0b02e915962a56bb8fbff42522de8fde2facde05749114e1dadc594dce8754df5cace709b6de6715e96e046e093fcf588ccd3a
Static task: static1
Behavioral task: behavioral1
- Sample: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: redline
- Botnet: RUZKI
- C2: 193.106.191.246:23196
- auth_value: 121027c094f768a0a0e9b562f6417952
Targets
- Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
- Size: 388KB
- MD5: a48892ca959b74c4eb8ff7bad785f882
- SHA1: 7f173ee59e9408be747bb6463e2b6b09fc8176fc
- SHA256: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
- SHA512: 0ec6825f210fe302429b9a6246f520423473df288ef4e60ea00103c04ac237a0991c86d18c98820fc46061f884dd65c796c00922260cdc73fb8a5f39df5ac001
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.