General
Target: password_2022.rar
Size: 1.9MB
Sample: 221011-11ln4sgef8
MD5: 9f3f73081b04e4dd31d460314b1a02bd
SHA1: faf6415a2962855ac4de8c9526676afa9e512320
SHA256: 07eafe28c2ff321dd164f60e65eff5622d5a208acf08908e6f5e51ce74fde59e
SHA512: aa0df16155c8e048ea28498ea04be64601ab3c3cad17696219674ee82066e560ede688c1593a60d252c1906c0a2bfde8e45a33576f00c8ebd67da761f89da289
SSDEEP: 49152:CdDlBZEoex0CPzvoeM4RUljX1sR6bG6pwecPTJ6wilj/wc:9Wx4R2jX2EIPTJ6wilrwc
Static task: static1
Behavioral task: behavioral1
Sample: password 2022/1-1.scr
Resource: win7-20220812-en
Malware Config
Extracted: redline
4
185.112.83.147:17431
auth_value: 36e644f98af4e704e0ff8db3a587fdb4
Targets
Target: password 2022/1-1.scr
Size: 715.0MB
MD5: b0a38f0a315ff80630c62eb81bc5daf0
SHA1: 0bb1b18b3a144b29b46ca2932ba6a562f9d4b4d8
SHA256: c0f743fd14be816dd7c598ea9d61cd84d55d7994c1756e2f752a229106926a0a
SHA512: 86b30248d9b0d7c53c6888e0dec388e0b38d12fa1a1e93606d7ae90a4f1d2e800da616be76b00559a1d90f21fbe94cc68be3b09f2919201d98c5d4fa17a4d078
SSDEEP: 24576:+Vo7uE0Oab8xook2OoYQYzzK52QbgWC3yNaarmNZS8hDpAj+5ugpUPiSrcw84obn:wMOYSwiAGVvtTeRdZEHQJfQuB38V+5
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.