General
- Target: 485fda12086a7c199c2c49f80a3f13aecd2c88c866951f906a7b6a531322001b
- Size: 389KB
- Sample: 220627-lp32pacaf9
- MD5: a73aaffb89c03012c600efec75685194
- SHA1: 8778d7b5472bdfbace7c08d68fef53da2cd27326
- SHA256: 485fda12086a7c199c2c49f80a3f13aecd2c88c866951f906a7b6a531322001b
- SHA512: e5ef9a688d9618e7bb65770156bf8aeb5ed52e99dada1964cb9bb44a42486fbfb05a6712bc164200469d78008d5bb31e961f06c3d9f3af27f9b1e567319467f5
Static task: static1

Malware Config
Extracted:
- redline
- RUZKI
- 193.106.191.246:23196
- auth_value: 121027c094f768a0a0e9b562f6417952
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.