General
- Target: file.exe
- Size: 346KB
- Sample: 221115-wa5xvafa73
- MD5: 3123ddea53799d6c942d5635d96557cd
- SHA1: b36e1bc399e58902b14f9fc0d8223fddb09c3f1e
- SHA256: be5210552545ccf6d89729d47b60a8fc283839aa6fef5e3c1bac59464c8febd4
- SHA512: 2cfd230a4b58449e27115a3b5c507acd7398867226e23ddfaf5945d7e26a676b2aa3bbec2d2ff1d0ca9cfdb590a0c36a1864b97b48a25a9500dc5b0df07a474e
- SSDEEP: 6144:rIaVwxMleVG0eKjPgr+94e9PWRJ55FUR3Jwt0xb5:saIMIVG3kX9pCJ5jwZ
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample: file.exe, resource: win7-20221111-en)
Malware Config (extracted)
- Family: redline
- Botnet: neruz
- C2: 193.106.191.27:47242
- auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
- Target: file.exe (346KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.