General
Target: d37b9c254fb69bc1d1e3efd7e9c91c445886459564ae959b1473fb81b09f6ca9
Size: 389KB
Sample: 220627-wpdf5seec6
MD5: 169230d7d3033f806aa005ace3550f81
SHA1: 7718c46fe159d03940dbc95f059cb97ed78340b1
SHA256: d37b9c254fb69bc1d1e3efd7e9c91c445886459564ae959b1473fb81b09f6ca9
SHA512: 8c212df5c3463873f41d7bfa80a9e92c069fb6a05cd8f62c1d9dd3453e88475002b79549479195c70915280fcfd94cd1ac75cf77c4e46a79cfc619588cfec7a1
Static task: static1
Malware Config
Extracted: redline
RUZKI
193.106.191.246:23196
auth_value: 121027c094f768a0a0e9b562f6417952
Targets
Target: d37b9c254fb69bc1d1e3efd7e9c91c445886459564ae959b1473fb81b09f6ca9 (389KB; the MD5, SHA1, SHA256 and SHA512 values repeat those listed under General above)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.