General
Target: file
Size: 372KB
Sample: 221116-2tpmvsdc47
MD5: 262c996b75df759e3a1ae5b69a634179
SHA1: 3ccf5f75b63ffc8e0941b0aaeaf414f044810f2b
SHA256: 91bebf2e6162dfb8d49b50debc53cedf88c82c152eb8d21d3e7ec280b8eb922c
SHA512: ad059d5abb22b2eae362f6aa4fb07773d52d9a84dc3d222a32039137c5aa9c7746bbde3eb95c5573f2a9b9cd756241e625455ad9a0c42044202f7123281bd875
SSDEEP: 6144:usuh4xLyqBWFisk8F9nZxtIjRG6DB65i/hL9xEQ98LOah/RpZDtk+nLkknsE2NxE:uklQiskq9nZxtItbDB6edah/jk+nLkA

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en

Malware Config
Extracted
Family: redline
Botnet: neruz
C2: 193.106.191.27:47242
auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
Target: file
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.