General
Target: file.exe
Size: 137KB
Sample: 221031-zywkvsdah6
MD5: 9ce85f8a89b702a06139ca95944129b8
SHA1: d01e8c03db4211ecfda44ad5e14914c45d302116
SHA256: 28a4fc89b3ecdce491137e550252749c41c1ab97cebfb5241b8910de6aeb11fe
SHA512: 37409439b0737d527a98d01173c2f2af7019ba8fa0e111e9c7ed2bbbbd5bc0d9d088cd6835d6fbc2bdfb9d07ac73d48b4d4d44a0bed78383b30d7d68b3c7a73b
SSDEEP: 3072:1YO/ZMTFXXuIQj/9t1egQ+5zV4DF7yRXjh/SSw/:1YMZMBXXuIQf1xQ3MBjh
Behavioral task
behavioral1
Sample: file.exe
Resource: win7-20220901-en

Malware Config
Extracted: redline
  1
  80.76.51.172:19241
  auth_value: 4b711fa6f9a5187b40500266349c0baf
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.