General
Target: b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806
Size: 133KB
Sample: 221003-bqnchsbhfj
MD5: 736eda1202c475f8ec0135066e58f8ab
SHA1: dc52e468e8dc5864f29b2c845492e30780fdc140
SHA256: b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806
SHA512: 77137f17f997ad776867f04cce0eaec389d7239b0e0dd294249c03327e3969d9ce2266f5b34b2f7018119e073a53c8a02785889a8b38b06df64e28f79a680f1f
SSDEEP: 3072:HXrHiWjtqORs7BF/MiD/bFcooVLkryFCB8bm:7CWjt+XlrbqTK
Static task: static1
Behavioral task: behavioral1
Sample: b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806.exe
Resource: win10-20220812-en
Malware Config
Extracted family: redline
C2: 80.66.87.22:80
auth_value: 5b663effac3b92fe687f0181631eeff2
Targets
Target: b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806
Size: 133KB
MD5: 736eda1202c475f8ec0135066e58f8ab
SHA1: dc52e468e8dc5864f29b2c845492e30780fdc140
SHA256: b99e21dce83c8184c7396d9b0fb284ce0ce662a1cc9d1ad59448000eac1bd806
SHA512: 77137f17f997ad776867f04cce0eaec389d7239b0e0dd294249c03327e3969d9ce2266f5b34b2f7018119e073a53c8a02785889a8b38b06df64e28f79a680f1f
SSDEEP: 3072:HXrHiWjtqORs7BF/MiD/bFcooVLkryFCB8bm:7CWjt+XlrbqTK
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.