General
-
Target
bind.exe
-
Size
388KB
-
Sample
220819-wjzr7agfcp
-
MD5
cc4eb344771336f98463f865de01f847
-
SHA1
9c1a1e2fb4d7679febabbb2f9407b15462a5ffbb
-
SHA256
0f6fac67fa6f0c0a2c9828303c29c5a3427b49350f1f3e9a592aae632a32f6da
-
SHA512
66dee51b79375dc997ccf5e7700cc79a768d8168bc2264d80ba6343fd5b6b5b702f6b98417d4024007ca655205dc68a49e61ce91a8eee7a7b95af8c1cbe54667
-
SSDEEP
6144:nZDcYLG0Lahyeq3SSz3qAyvRh3nSrbH1wzijcUOxkH8EG:JXbSJnSrblgUOx88
Malware Config
Extracted
redline
1877
overthinker1877.duckdns.org:60732
Targets
-
-
Target
bind.exe
-
Size
388KB
-
MD5
cc4eb344771336f98463f865de01f847
-
SHA1
9c1a1e2fb4d7679febabbb2f9407b15462a5ffbb
-
SHA256
0f6fac67fa6f0c0a2c9828303c29c5a3427b49350f1f3e9a592aae632a32f6da
-
SHA512
66dee51b79375dc997ccf5e7700cc79a768d8168bc2264d80ba6343fd5b6b5b702f6b98417d4024007ca655205dc68a49e61ce91a8eee7a7b95af8c1cbe54667
-
SSDEEP
6144:nZDcYLG0Lahyeq3SSz3qAyvRh3nSrbH1wzijcUOxkH8EG:JXbSJnSrblgUOx88
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-