General
Target: 2012-55-0x0000000000270000-0x0000000000290000-memory.dmp
Size: 128KB
Sample: 221020-kpsqaaebcj
MD5: c4f4003961b6fdf6b94ab956e80e4ab6
SHA1: 78d55262efdd9c9ab7bcdc72cc429d95eb30a075
SHA256: 45e91fe5d4b9243bf8af9cc559a582c835c80718b78159907133ef1cc3d7b160
SHA512: b4cbbca4b067414c97ab8d9599047fa464958c0672845045a61f3618e66f1d9bd8df2df439ffe66dd4a5dcc82e65c533448be594a91c0538855ccf736a8cf026
SSDEEP: 3072:icvFBhCYFpiFIBUsVu9lGJoQcDVlTMhk4EASN1:icvv389lERcLMhk4jS
Behavioral task: behavioral1
Sample: 2012-55-0x0000000000270000-0x0000000000290000-memory.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
@cham1ng
193.106.191.160:8673
auth_value: 296c18e34d670ae41d67c9e09e2546b7
Targets
Target: 2012-55-0x0000000000270000-0x0000000000290000-memory.dmp
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Downloads MZ/PE file
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.