General
- Target: file.exe
- Size: 347KB
- Sample: 221115-1lgrlsbh6v
- MD5: 23e739c967b91d0e17bfa0ff1df0c3e6
- SHA1: 5c91a2a0aab95b564a64d807db85dcaec67e9d52
- SHA256: 05aab6dc3d179f630f9b54499dfcae090e625c176df8c19e34eca7d73e5eda1f
- SHA512: 03950dc1f144243f755761e376917a67adb5fa1d52a29af780f711541e084984f68dee5c895d062e213cf77a9182005b7f474fff6af3b64b18d349e3b7147d00
- SSDEEP: 6144:l8iPz3c5iiX9CcHebnouDrkOLjwCIAUaZ81I+WTtlF:ljPr9itCCebnoKrkOL+AUaZ81
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: file.exe
  - Resource: win7-20221111-en
Malware Config
- Extracted: redline
- neruz
- 193.106.191.27:47242
- auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
- Target: file.exe
- Size: 347KB
- MD5: 23e739c967b91d0e17bfa0ff1df0c3e6
- SHA1: 5c91a2a0aab95b564a64d807db85dcaec67e9d52
- SHA256: 05aab6dc3d179f630f9b54499dfcae090e625c176df8c19e34eca7d73e5eda1f
- SHA512: 03950dc1f144243f755761e376917a67adb5fa1d52a29af780f711541e084984f68dee5c895d062e213cf77a9182005b7f474fff6af3b64b18d349e3b7147d00
- SSDEEP: 6144:l8iPz3c5iiX9CcHebnouDrkOLjwCIAUaZ81I+WTtlF:ljPr9itCCebnoKrkOL+AUaZ81
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.