General
-
Target
75ab2193c88d9af9a4f2b9fe95157cc7.exe
-
Size
5KB
-
Sample
220825-xvc81aaca8
-
MD5
75ab2193c88d9af9a4f2b9fe95157cc7
-
SHA1
23492919d39898420822158fa8bf8d80c8832f8d
-
SHA256
2a79200fffad2a413bee9185e3486870a797c29495650036aea53833ccffc00e
-
SHA512
168ff3424f62951100863664b76754c273aa72fdfd121bf40aa7e527b5e9a1b3e96f6053dc0cd02c43aaa71028041f7efd1332e9acd665c7c513a849f4f957d8
-
SSDEEP
48:6+ybkEucZ4nyUN6a5MOlCtcC0heFNMO+yEP+96R5JfJyC3JUsibkEs3dqZsFtoAK:eucZ4VpUt0h2+yEpTdoSysivuD/zNt
Static task
static1
Behavioral task
behavioral1
Sample
75ab2193c88d9af9a4f2b9fe95157cc7.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
top1
185.2.83.247:80
-
auth_value
fa2afa98a6579319e36e31ee0552bd57
Targets
-
-
Target
75ab2193c88d9af9a4f2b9fe95157cc7.exe
-
Size
5KB
-
MD5
75ab2193c88d9af9a4f2b9fe95157cc7
-
SHA1
23492919d39898420822158fa8bf8d80c8832f8d
-
SHA256
2a79200fffad2a413bee9185e3486870a797c29495650036aea53833ccffc00e
-
SHA512
168ff3424f62951100863664b76754c273aa72fdfd121bf40aa7e527b5e9a1b3e96f6053dc0cd02c43aaa71028041f7efd1332e9acd665c7c513a849f4f957d8
-
SSDEEP
48:6+ybkEucZ4nyUN6a5MOlCtcC0heFNMO+yEP+96R5JfJyC3JUsibkEs3dqZsFtoAK:eucZ4VpUt0h2+yEpTdoSysivuD/zNt
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-