General
- Target: dfafcfd68e719844dd2b7626752cbf7c818e9de768fee5e5888d94e242baeabf
- Size: 3.8MB
- Sample: 220913-2jaqyscfak
- MD5: cd6124575280dd513412db5bd233d32a
- SHA1: a99cd43c0cf24a8379f74d32ca81067d502b0914
- SHA256: dfafcfd68e719844dd2b7626752cbf7c818e9de768fee5e5888d94e242baeabf
- SHA512: e5a1f17913ceecc6a58f6b41b606718594bcaff033e717102f1698992dffb988b82daa2e70b8a1ac335d11b7fcdd85d163f7180a8f614b38b8741a936ee46717
- SSDEEP: 49152:Te9ulU3veN/261EB0mDZ9DU/Q4redt/6b:XlU3veN/hu/6b
Static task: static1
Behavioral task: behavioral1
- Sample: dfafcfd68e719844dd2b7626752cbf7c818e9de768fee5e5888d94e242baeabf.exe
- Resource: win10-20220812-en
Malware Config
Extracted: redline
- 3108_RUZKI
- 213.219.247.199:9452
- auth_value: f71fed1cd094e4e1eb7ad1c53e542bca
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext