General
Target: file.exe
Size: 386KB
Sample: 221027-xqx3lsdcaj
MD5: b586d2f1a106e544ecf8a7cc58f98fe0
SHA1: ec8acc084fb674d22e4318ce4a55ea359f257042
SHA256: 7ae6e6f5f8106c9e8c3fa90ff7c76d9c86d05f0f80ca1b7bb8dc2f36d3518172
SHA512: 17df41032400d33a831412822ff05ccd04d061ec514173b5eaa3293b4fec2618d72512a0d4b272127b23053b3234759dd0e864832ad109e672fd77c3288f68cc
SSDEEP: 12288:AEq4j9rFlhlfuKLCxWX2t+yvPetH/NFV:AF4jT5LCxs28y3etbV

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220901-en

Malware Config
Extracted: redline
dzkey
193.106.191.19:47242
auth_value: 52a449fd61ad73c3abc266d47c699ceb
Targets

Target: file.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.