General
-
Target
file.exe
-
Size
494KB
-
Sample
221110-nnvd9shdh7
-
MD5
33a5964afe2458441af9ea334f2d28f3
-
SHA1
7e3ad6f6676ea16d3558be146c53d9547ac338e3
-
SHA256
71e08b3ec6500046ea41335216d7483f6cd41e1c5edafd7dabe6a440537bf567
-
SHA512
c12a9fd312c21b347d0f6d80d836867a599de85590867fc884996c8ce8d6ecbdfd3ebb2ab8f2a71267a066aefc4004b71583422cce9c6f417666518aa2a7c68d
-
SSDEEP
12288:QtBpcGsfTLulmYlxUnrRJnPFk4CdDI+6:epcGGylZEnrRPch6
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
neruzki
193.106.191.22:47242
-
auth_value
be14ae67c6dd227f622680a27ea42452
Targets
-
-
Target
file.exe
-
Size
494KB
-
MD5
33a5964afe2458441af9ea334f2d28f3
-
SHA1
7e3ad6f6676ea16d3558be146c53d9547ac338e3
-
SHA256
71e08b3ec6500046ea41335216d7483f6cd41e1c5edafd7dabe6a440537bf567
-
SHA512
c12a9fd312c21b347d0f6d80d836867a599de85590867fc884996c8ce8d6ecbdfd3ebb2ab8f2a71267a066aefc4004b71583422cce9c6f417666518aa2a7c68d
-
SSDEEP
12288:QtBpcGsfTLulmYlxUnrRJnPFk4CdDI+6:epcGGylZEnrRPch6
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-