General
-
Target
c6c1cb1b0eae79f3c2db1b035e550b97564ee1b723d061b69e7df180f392e78b
-
Size
304KB
-
Sample
220923-jvgpjahebp
-
MD5
9e70cd80940a022bec25f1412bba69b9
-
SHA1
c027104292f2087a1e30bbe44f07e22de16281e6
-
SHA256
c6c1cb1b0eae79f3c2db1b035e550b97564ee1b723d061b69e7df180f392e78b
-
SHA512
876ea9cb71e19998fa922de2aa814d59dbfc67bcaa803dbc892da6a2722d80029bde5edda8eeb16b7d79f9dbce0edcd5f57c4dbe74efd434ef07a82a13e47882
-
SSDEEP
6144:0LMIruim2Y4uX1IUEUL1w87fFdGUplNHveNJw6:0gIr44uXtL1HfFdGUpvPeN3
Static task
static1
Behavioral task
behavioral1
Sample
c6c1cb1b0eae79f3c2db1b035e550b97564ee1b723d061b69e7df180f392e78b.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
20220916
193.188.21.37:16640
-
auth_value
a1b5897e8904004e7a7f18a9d0c92349
Targets
-
-
Target
c6c1cb1b0eae79f3c2db1b035e550b97564ee1b723d061b69e7df180f392e78b
-
Size
304KB
-
MD5
9e70cd80940a022bec25f1412bba69b9
-
SHA1
c027104292f2087a1e30bbe44f07e22de16281e6
-
SHA256
c6c1cb1b0eae79f3c2db1b035e550b97564ee1b723d061b69e7df180f392e78b
-
SHA512
876ea9cb71e19998fa922de2aa814d59dbfc67bcaa803dbc892da6a2722d80029bde5edda8eeb16b7d79f9dbce0edcd5f57c4dbe74efd434ef07a82a13e47882
-
SSDEEP
6144:0LMIruim2Y4uX1IUEUL1w87fFdGUplNHveNJw6:0gIr44uXtL1HfFdGUpvPeN3
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-