General
Target: 6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c
Size: 281KB
Sample: 221003-j96l7sehd3
MD5: 07ea6fc965cda2b47463f1161a82c3d3
SHA1: baa6cbe6c6917481823835012caa9ec44b821b69
SHA256: 6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c
SHA512: 54efebb8e8bfa780168f809a47cecbe88391fb9ef5d630a78e43ff6d41b0a5ac7ba1425859b820ef227b05ab5cfe653fdc674032b3157dc66ffa1ea73049a58d
SSDEEP: 3072:IhDGsORb4LiR4ypBFvycxuTA/SPAZkNbM1AHYXQqkoG3Z3KBb527qMRB35TXKggq:mi+8qvSSIyNM1YPoeVKBZOJDTmqKxq9
Static task: static1
Behavioral task: behavioral1
Sample: 6f7e3df96a32a5f357bd78b64c25abfb53fa810a75df815734c7d230fd16c81c.exe
Resource: win7-20220812-en
Malware Config
Extracted
redline
20221001
89.22.235.53:16640
auth_value: 7c7a8658971281de82db43a3b9284d97
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.