General
- Target: 932-55-0x00000000002F0000-0x0000000000310000-memory.dmp
- Size: 128KB
- Sample: 220830-k81v1agbc7
- MD5: 86d1f16781d583fd7b38fd315ca1de8b
- SHA1: 4942fcb1ef6f13218e9113962dd5602eb461a7dd
- SHA256: 1b6682493488bcfc14f1590ae09a72be594a78bd3aa5ea8cb00594904f8bc00b
- SHA512: 9840e91767f1f1a9b7901d092aea72284c979cabf9781e28968239c357d1d763302240bbedd257a43a1b63ee99be32ac62564035e2492a78e3abf7bf1926d2b2
- SSDEEP: 3072:2cvFBQCYKpi8IVJFKTc1v/x54sqzJQ7Qc2fjTahR4EASN6:2cvOt4c5/x5mzcwahR4jS
Behavioral task
- behavioral1
- Sample: 932-55-0x00000000002F0000-0x0000000000310000-memory.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- redline
- VERIF01
- please.c0nnect2me.ru:7777
- auth_value: 2eddda17dd5a8a8c16c28e7fe0f74b6c
Targets
- Target: 932-55-0x00000000002F0000-0x0000000000310000-memory.dmp
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.