General
- Target: file.exe
- Size: 346KB
- Sample: 221115-wme7ysfb49
- MD5: 3aeca3d2904a09028cedf699f21188c0
- SHA1: cfd7692e1c608279441aec7b1e14466a1e8aa9a5
- SHA256: b6c95d8118dfc20e80490fab74fa68d156831809c10004a00fd29ae4fb9c68be
- SHA512: 6379caa27f0e24ea6a9519c17ae1872f78f76c15f691473e0283b263bb0c5af752f71b7ce9fc1b91d1b6e57ace8c78e6299be0196d7d9f1d71e14259fa99988f
- SSDEEP: 6144:be+s6hKKJ0EqONthKmjC0cNuWrRYIqDew4mYhBht8Gi:be+6unqO7hKexKuWrRYv1Yz
- Static task: static1
- Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20220812-en
Malware Config
Extracted
- redline
- neruz
- 193.106.191.27:47242
- auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
- Target: file.exe (346KB; hashes as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.