General
- Target: file.exe
- Size: 346KB
- Sample: 221115-vrdz1sag6z
- MD5: da40a51751f334a00be583ee41d3f1ab
- SHA1: f61ab1127ca643cc5c14dd7d5cf002dc87677206
- SHA256: ee6c6ed378f1dd1d5adc77b87ec6728f386ce55dde4ca8ab3fc20b3a99723dc4
- SHA512: 54e7880e9cb042f173bcff49b83851de5320e9c8ac83d1c240416dd35a9d3b90089184d7a7410f02df83544f068fd7fa48ad7cde39a6df745fdd8a2f6624bd66
- SSDEEP: 6144:IuC0rR1DpmBVOhkpIy92cotyZ8M0fg/mCdEIlP7gLnVKY:IPil+OhkpIy9KyyvfhhICf
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- Family: redline
- Botnet: neruz
- C2: 193.106.191.27:47242
- auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
- Target: file.exe
- Size: 346KB
- Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to those listed under General
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.