General

Target: file
Size: 504KB
Sample: 221111-cayzraabdj
MD5: c8d4d2a19b9cbf6266f47a0fcc87a1a0
SHA1: 932867e770a3829bc70b2a00122d7dc5cf3f44b9
SHA256: 187cb39f278b18e3d77c8132d18dc34d67ebb7763d14487e63f866767ef978d8
SHA512: 311db65a97824c9e40a032cc8f1b8884e7a0462e26fd05bb71a43a68e2fdb4f40c949d101363551a398a73a14d1cbcf14f973ac0665f7ed571b63fa19b40aa08
SSDEEP: 6144:2drK7NgLt1bJD0T7MzxSoViF6v4Rm9E3YaXdyDt1wCWXwOu1ql:2dhp1bJoHMzzMF6wRaE3YawxOUql
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en

Malware Config

Extracted family: redline
Botnet: neruzki
C2: 193.106.191.22:47242
auth_value: be14ae67c6dd227f622680a27ea42452
Targets

Target: file
Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.