General
Target: b67d29172e65df8ad67bb1bcb2a91ef1.exe
Size: 107KB
Sample: 220521-pq6qrafha4
MD5: b67d29172e65df8ad67bb1bcb2a91ef1
SHA1: 49c759419071cb33da48a3355e872792112af69d
SHA256: aaf2bb6ec3848842acc9e7c4ce6eca304f3adf4750e18a0ba53ad124445f4826
SHA512: 91f23742184cd0341a116e3bd259dbca13ebbf1355a1726167b0a009e2e4cf46d236d3cbedd0b40e4f04c42c4520e7e99140898d3752dbf1d97b03ef52a015e4
Behavioral task
Task: behavioral1
Sample: b67d29172e65df8ad67bb1bcb2a91ef1.exe
Resource: win7-20220414-en

Malware Config
Extracted family: redline
Botnet: stepme#4
C2: 51.89.155.45:22595
auth_value: cae2ff6a126e46df01eaadfb927c199b
Targets
Target: b67d29172e65df8ad67bb1bcb2a91ef1.exe
Size: 107KB
MD5: b67d29172e65df8ad67bb1bcb2a91ef1
SHA1: 49c759419071cb33da48a3355e872792112af69d
SHA256: aaf2bb6ec3848842acc9e7c4ce6eca304f3adf4750e18a0ba53ad124445f4826
SHA512: 91f23742184cd0341a116e3bd259dbca13ebbf1355a1726167b0a009e2e4cf46d236d3cbedd0b40e4f04c42c4520e7e99140898d3752dbf1d97b03ef52a015e4
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine Payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.