General
- Target: file
- Size: 346KB
- Sample: 221115-3qrtgsge52
- MD5: 3b9a3c75809633dc825e1aa04113d02e
- SHA1: f529f89a51af570cff16eb320a018d4ebd11f3fd
- SHA256: 40dcd8c71fb89aa24fed6277157294f516ee2fc1aefe8fd851e9ab647edf2ca0
- SHA512: 584fb29a6020ecd9d30607b86d8e30f73736d82b1d193bc54dd6cb79d6c2cc726669e3ab16cb717233da6509aef1b08da60cca8c52adfa95e0420fbc941d6699
- SSDEEP: 6144:pKyjDa0C0kjuhvkvauR+2MQ9a5Sg8KHAbeNHFJCxtW:oyXabgqauR+2MMdg/HwUl
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: redline
- Botnet: neruz
- C2: 193.106.191.27:47242
- auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
- Target: file (size and hashes as listed under General above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.