General
Target: b44a521f5c49ef597c8a09b2e20f4c5ae91ca767f39e4a97a7ed7e2cc4e45b70.exe
Size: 504KB
Sample: 221113-x43v1sce84
MD5: b13545e13acf9974b2d56f7891f12caf
SHA1: d15f82159884b37c464a92698b112b32b226ff1d
SHA256: b44a521f5c49ef597c8a09b2e20f4c5ae91ca767f39e4a97a7ed7e2cc4e45b70
SHA512: 082653259ce5b795ddae642c4c3296a09dcfc8282cd364d53deff16713ed0bc0bd71a09cf00b2b1d314f36d7a15975bb1ec0f3caf9cf5ac26b3e1015f69852a5
SSDEEP: 12288:Xql/ZvpZ3RhDLhDnSeQhrMWMaSqxp6d6BZUql:XkNpVFoh5xcd6Dl
Static task: static1
Behavioral task: behavioral1
Sample: b44a521f5c49ef597c8a09b2e20f4c5ae91ca767f39e4a97a7ed7e2cc4e45b70.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
neruzki
193.106.191.22:47242
auth_value: be14ae67c6dd227f622680a27ea42452
Targets
Target: b44a521f5c49ef597c8a09b2e20f4c5ae91ca767f39e4a97a7ed7e2cc4e45b70.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.