General
Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
Size: 265KB
Sample: 220627-ly5lwacbc5
MD5: f736217412ba9ac14cce552a7d55f462
SHA1: ddd96827801ac8eb0f39130d7556c26d3746770b
SHA256: 165d5dcb5b9e439725ae8d07fe30f0b2413a010462483cba4c140b01d0044ed6
SHA512: 31e7c69b644b6c7cd7f28c60620eef4787d014c00487d934fe133b4909e526f5c9b1bf04e8698e933d15b2a2798250be7081a8fe4d0a91953e32d62e9d37357a
Static task: static1
Behavioral task: behavioral1
Sample: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129.exe
Resource: win7-20220414-en
Malware Config
Extracted
redline
RUZKI
193.106.191.246:23196
auth_value: 121027c094f768a0a0e9b562f6417952
Targets
Target: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
Size: 388KB
MD5: a48892ca959b74c4eb8ff7bad785f882
SHA1: 7f173ee59e9408be747bb6463e2b6b09fc8176fc
SHA256: 327df9ee5e64512b498d2ea577fa4cf89bdf1e74410b94c22b5f859bf9ad0129
SHA512: 0ec6825f210fe302429b9a6246f520423473df288ef4e60ea00103c04ac237a0991c86d18c98820fc46061f884dd65c796c00922260cdc73fb8a5f39df5ac001
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.