General
Target: b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
Size: 309KB
Sample: 220905-k8621shad4
MD5: eb373d93505490dfa9fe940dd56ca4c1
SHA1: b48d97df69d8c39a0d4e4608945eef60a8bf0998
SHA256: b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98
SHA512: 44e5648fa5fccbcfaedf8c4a6ffd9c257d983f6e203ba5e01ef2621bd281ea6a3762412d52cf5f1aece1f758ae5e5c20db21fea63eb8b55996be70abc0ec2242
SSDEEP: 6144:RXc4XfGMbzc9X+d6WJmIen7GjGBg+vKojFtzjuNVZJpw+:tXN09Xy70fn75B1tjFtzsJ
Static task: static1
Behavioral task: behavioral1
Sample: b66738a329bfdb8b9bf8fcf4a976ed7125dbd3912441d2a3620b3a9d4df61a98.exe
Resource: win10-20220812-en
Malware Config
Extracted: redline
Lyllkal.05.09
185.215.113.216:21921
auth_value: 2df530f82cb4bd0f6bef5527a1d5de70
Targets
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.