General
-
Target
32e524a990dd96c6192f066c787a2a9f.exe
-
Size
107KB
-
Sample
220706-a4l6yaehen
-
MD5
32e524a990dd96c6192f066c787a2a9f
-
SHA1
f031c9847294f298bffacec1b05c729e4d9c418c
-
SHA256
caec9d3eb952c9365cad842a74cdb955145d52bb9b1834afbf0bd7d83fe4da66
-
SHA512
b210d90c7f9e6addc4dc6455594d01374c16553100cd6c2bacb045c4d3926b5919278b7c0070fc6cd256d5d6bc2b14bed385a199d53caab0cedb88c8f5ddca3c
Behavioral task
behavioral1
Sample
32e524a990dd96c6192f066c787a2a9f.exe
Resource
win7-20220414-en
Malware Config
Extracted
redline
Europe
95.217.209.222:13663
-
auth_value
1dba5e33434f10aac4435480c820d246
Targets
-
-
Target
32e524a990dd96c6192f066c787a2a9f.exe
-
Size
107KB
-
MD5
32e524a990dd96c6192f066c787a2a9f
-
SHA1
f031c9847294f298bffacec1b05c729e4d9c418c
-
SHA256
caec9d3eb952c9365cad842a74cdb955145d52bb9b1834afbf0bd7d83fe4da66
-
SHA512
b210d90c7f9e6addc4dc6455594d01374c16553100cd6c2bacb045c4d3926b5919278b7c0070fc6cd256d5d6bc2b14bed385a199d53caab0cedb88c8f5ddca3c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-