General

Target: 5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a.exe
Size: 316KB
Sample: 221110-y6pa3sfehl
MD5: c50393799580bd00a1450eed16f976da
SHA1: 7006f69c5817b7b5f4c1576e4c78b653a3ce7c17
SHA256: 5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a
SHA512: 3105b9776a414125c2a74ddd96a6457017d22c89a29955ab3a09a1ad3eb5123b112702b6175b483f36f4c94309593ba324391352ee4a9e936f41991cebe53273
SSDEEP: 6144:RYALf35aF9eTToNhsCxVdlK+Fx8Bgrb47SNzLdG1gbvMaee:RYAb35ar+oNhs0HlK+T0grcGNzLE05
Static task: static1
Behavioral task: behavioral1
Sample: 5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a.exe
Resource: win7-20220901-en
Malware Config

Extracted
Family: redline
Botnet: neruzki
C2: 193.106.191.22:47242
auth_value: be14ae67c6dd227f622680a27ea42452
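The extracted config is the actionable part of this report: the C2 address and port are what a responder sweeps the network for. The following is an added example, not part of the sandbox report or of the sandbox's own tooling. It turns the config above into indicators and runs them over a constructed Zeek-style conn.log; the C2 address, botnet name and auth_value are copied from the report, while the log lines, internal addresses and connection UIDs are made up for the example.

```python
"""Turn the extracted RedLine config into network indicators and sweep a
connection log for hosts that reached the C2.

Added example, not part of the sandbox report. The config values are copied
from the report's "Malware Config" section; the conn.log lines are
constructed (Zeek conn.log column order: ts, uid, id.orig_h, id.orig_p,
id.resp_h, id.resp_p, proto, service).
"""
import ipaddress
from dataclasses import dataclass

# Copied from the report's "Malware Config" section.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "neruzki",
    "c2": ["193.106.191.22:47242"],
    "auth_value": "be14ae67c6dd227f622680a27ea42452",
}

# Constructed sample log (not from the report): two hosts talk to the C2 on
# the configured port, one talks to the same IP on a different port.
CONN_LOG = """\
1668114112.103\tCxq2Zo1\t10.0.0.15\t49812\t193.106.191.22\t47242\ttcp\t-
1668114115.441\tCb3kLa9\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp\tssl
1668114121.877\tCmaTT02\t10.0.0.23\t51044\t193.106.191.22\t80\ttcp\thttp
1668114130.009\tCpq9Xe4\t10.0.0.42\t52777\t193.106.191.22\t47242\ttcp\t-
"""


@dataclass(frozen=True)
class C2Indicator:
    ip: str
    port: int


def c2_indicators(config):
    """Parse each 'ip:port' C2 entry (the form used in the report) into an
    indicator. Hostnames and bracketed IPv6 literals are rejected with a
    ValueError so a malformed config cannot silently become a useless rule."""
    out = []
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        ip = ipaddress.ip_address(host)   # raises ValueError on a hostname
        out.append(C2Indicator(str(ip), int(port)))
    return out


@dataclass(frozen=True)
class Hit:
    src: str
    dst: str
    dst_port: int
    confidence: str   # "high" = IP and port match, "medium" = IP only


def sweep(log_text, indicators):
    """Return a Hit for every connection whose responder is a known C2.

    IP plus port is high confidence. IP alone is kept at medium confidence:
    a rebuilt sample can point at the same server on a different port, and a
    rule keyed on the port alone would miss it."""
    by_ip = {}
    for ind in indicators:
        by_ip.setdefault(ind.ip, set()).add(ind.port)
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):   # skip Zeek header lines
            continue
        cols = line.split("\t")
        if len(cols) < 8:
            continue
        src, dst, dst_port = cols[2], cols[4], int(cols[5])
        if dst not in by_ip:
            continue
        confidence = "high" if dst_port in by_ip[dst] else "medium"
        hits.append(Hit(src, dst, dst_port, confidence))
    return hits


def infected_hosts(hits, min_confidence="high"):
    """Source addresses to triage, sorted, filtered by confidence."""
    allowed = {"high"} if min_confidence == "high" else {"high", "medium"}
    return sorted({h.src for h in hits if h.confidence in allowed})


if __name__ == "__main__":
    found = sweep(CONN_LOG, c2_indicators(REDLINE_CONFIG))
    for h in found:
        print(f"{h.src} -> {h.dst}:{h.dst_port} [{h.confidence}]")
    print("isolate:", infected_hosts(found))
```

The auth_value is carried in the indicator set only for correlation with other reports that extract the same campaign; it is not observable in flow logs. The medium-confidence tier is a deliberate choice: hosts that reached the C2 IP on an unexpected port are worth a look before they are dismissed.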
Targets

Target: 5f41424a95c1aa07c8657aaea86e0939820ad1a6f9eb679224bcc2b35160587a.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: reads the Uninstall key entries in the registry (the keys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its per-user and Wow6432Node counterparts) to enumerate the software installed on the host.