General
- Target: 2c19f0cd4ebb7d283edc31624b40c2df08ea94afe1ade44ac0c0e92cd69ec6e9
- Size: 274KB
- Sample: 220811-v6aadaceb5
- MD5: 917d5b08cb4e827b3950f497e8906431
- SHA1: 09d5625f9b41fcd16d8ca4ca54ac6e958b476dd5
- SHA256: 64fe41aea070158bfd08318bdda727e03df5412f4eb0ec050bea0dd6028f05ff
- SHA512: be8d27488874240afeb78bbf2d67b232f86ba8f71d5f6a8b2cdd12482961ade7b7cd78403d281fe5123494ec5e0ef2582ea008f5b6a25bf2076a573373f32bb7
Static task: static1
Behavioral task: behavioral1
Sample: 2c19f0cd4ebb7d283edc31624b40c2df08ea94afe1ade44ac0c0e92cd69ec6e9.exe
Resource: win7-20220715-en
Malware Config
Extracted: redline
- ruzki
- 193.106.191.165:39482
- auth_value: 71a0558c0eea274a5bd617ea85786884
Targets
- Target: 2c19f0cd4ebb7d283edc31624b40c2df08ea94afe1ade44ac0c0e92cd69ec6e9
- Size: 355KB
- MD5: 7465b424ba341afd213f55d96c3fae37
- SHA1: 6004e8d6ad8a8222e0fc73f05c5857fa53d07d5d
- SHA256: 2c19f0cd4ebb7d283edc31624b40c2df08ea94afe1ade44ac0c0e92cd69ec6e9
- SHA512: 8c1a75619d7d90eeb3007da4969bf9ea57239ffb943242cc0cb8cb15621be4d85f397e63e225cf8959aaf397341d7f5fbd666c10a0bcda679a8bd251bf29da45
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory