General
Target: d98317bf7545140cb164c43d9c922742c11f2145c6502406373e81105bf518f7
Size: 219KB
Sample: 220805-kyj5haacdp
MD5: ebb14f7fffbf6439767b2904cc7d690c
SHA1: f0341c875fb56cb0d14ae15a075245109e118748
SHA256: d98317bf7545140cb164c43d9c922742c11f2145c6502406373e81105bf518f7
SHA512: ec22ac86913f9410d9a545b78ba40ce7f87c4eece6256e7a2455b4e511354ac1f3ec16a1742ba5b61747a62d868a0f031f217081ac4429e4be73e08c02bddf73
Static task: static1
Malware Config
Extracted: redline
AF2
stcontact.top:80
auth_value: 4d729a2faecb406a0eb1d6fcf30432fa
Targets
Target: d98317bf7545140cb164c43d9c922742c11f2145c6502406373e81105bf518f7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Downloads MZ/PE file
Executes dropped EXE
Deletes itself
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.