General
- Target: 0x000600000001411b-58.dat
- Size: 244KB
- Sample: 220716-n8wg3aceaj
- MD5: dbe947674ea388b565ae135a09cc6638
- SHA1: ae8e1c69bd1035a92b7e06baad5e387de3a70572
- SHA256: 86aeac2a4ee8e62265ee570718bbd41a4e643e0bad69e7b4fa6c24baeb220709
- SHA512: 67441aebbf7ce4d53fbb665124f309faed7842b3e424e018454ff6d6f790219633ce6a9b370aeaf77c5092e84f4391df13e964ca6a28597810dee41c3c833893
Behavioral task
- behavioral1
- Sample: 0x000600000001411b-58.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- redline
- 4
- 31.41.244.134:11643
- auth_value: a516b2d034ecd34338f12b50347fbd92
Targets
- Target: 0x000600000001411b-58.dat
- Size: 244KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.