General
Target: efce2f63f699ace5119a260bf75471f818d81e948a903.exe
Size: 311KB
Sample: 221105-masg3shdem
MD5: 80eba6fba683560bb8a1296911c9a530
SHA1: d9c3fcf909681db6f83a23e46999a5bc4f23d1b3
SHA256: efce2f63f699ace5119a260bf75471f818d81e948a903ed4ac4657a16b89f9de
SHA512: be12f3cdacefa9c215a73effe0f51b9d9a897a8d44120266fff25d99a79f7f06f96f429ecb5f3bdef2754fb5eee240a7ce6e3c14a08e9f761826e195a2f3a1ae
SSDEEP: 6144:xh5ZRBLEQJFM15cBR69scAmM/y7szDUnbmaLOnK:TpBl8158cLc6SVnK
Static task: static1
Behavioral task: behavioral1
Sample: efce2f63f699ace5119a260bf75471f818d81e948a903.exe
Resource: win7-20220812-en
Malware Config
Extracted family: redline
1
C2: 164.90.146.32:41698
auth_value: 9b64659ae8aca5a45aee2af90a3cdeac
Targets
Target: efce2f63f699ace5119a260bf75471f818d81e948a903.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.