General
-
Target
478c8b8269a564c956bd038a005026de.exe
-
Size
359KB
-
Sample
221003-klfljsfed5
-
MD5
478c8b8269a564c956bd038a005026de
-
SHA1
9c0463608cfa143bc75fb4755f755e0169951c7c
-
SHA256
ebb74e1bc458746c7dce4ddc80718e68204fd6f4eaced12b09b62aba16f981c0
-
SHA512
1e2a3cc7eeeb0bf2b4ec635d2e9345c1d34ba29d9f1e02ef8a3d7c15f7979089257a790ecef6b970c727d0817257309e23e301969ddef7944a7c746ea159dcc2
-
SSDEEP
6144:YAxtoIrF8coV6rlhEIDgT8Yyt1p5u8JQi+Z7MhXLcsGVYZsMyRYiuDrfjx3PDyy0:XtpSnQR+IDgAX5BJQi+Z7MhXLcsGVYZU
Behavioral task
behavioral1
Sample
478c8b8269a564c956bd038a005026de.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
478c8b8269a564c956bd038a005026de.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
65.108.247.147:37767
-
auth_value
6a82f1fb90afb278c299e83d46279927
Targets
-
-
Target
478c8b8269a564c956bd038a005026de.exe
-
Size
359KB
-
MD5
478c8b8269a564c956bd038a005026de
-
SHA1
9c0463608cfa143bc75fb4755f755e0169951c7c
-
SHA256
ebb74e1bc458746c7dce4ddc80718e68204fd6f4eaced12b09b62aba16f981c0
-
SHA512
1e2a3cc7eeeb0bf2b4ec635d2e9345c1d34ba29d9f1e02ef8a3d7c15f7979089257a790ecef6b970c727d0817257309e23e301969ddef7944a7c746ea159dcc2
-
SSDEEP
6144:YAxtoIrF8coV6rlhEIDgT8Yyt1p5u8JQi+Z7MhXLcsGVYZsMyRYiuDrfjx3PDyy0:XtpSnQR+IDgAX5BJQi+Z7MhXLcsGVYZU
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-