General

Target: file.exe
Size: 347KB
Sample: 221116-b5tsvacf6s
MD5: 7c2c46d4feb84c9b4cc1c043f60372ab
SHA1: c5e609df95b5d556167494ff3a9dbdb2059bf69c
SHA256: 9d5d3c3c43e916ac4aa0005bd63916a4199a9d00eb913005f6a725631dfa7e51
SHA512: a550ee392f88aac3bb8c9657dabe5224c979bc9de0312e34bc72400796ca1df1fbec3ec395c5027df50ebe026beb75d5c66ddefc005da6be6b0249d4ccfbef97
SSDEEP: 6144:L3yp0AXOm1r3VbfnHFg8q23I6Imgm0jX9vDitNKIP8tq:2pXOm1rBfnHFJqk/gmU9L+NB

Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config

Extracted: redline
Botnet: neruz
C2: 193.106.191.27:47242
auth_value: 0169a8759f3c9be473f782b96a6ff704

The C2 host:port and the auth_value are the indicators worth pivoting on from this run; the botnet label identifies the campaign build, not the operator's infrastructure.
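Turning the extracted configuration into something a SOC can act on, as an added example that is not part of the sandbox report: the parser below reads the config block exactly as printed above, validates the C2 host:port and the auth_value so that a garbled extraction cannot quietly become a bad indicator, and then matches the C2 against connection-log lines. The log format, the log lines and the function names are constructed for this page and are not from the report or from the sandbox.

```python
"""Turn the extracted RedLine configuration from the report into IOCs and
match them against connection logs.  Example code added for this page; the
connection-log format and lines below are constructed, not from the run."""
import ipaddress
import re

# The config block exactly as printed in the report above.
REPORT_CONFIG = """\
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
auth_value
0169a8759f3c9be473f782b96a6ff704
"""

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
AUTH_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_redline_config(text):
    """Parse the report's 'Malware Config / Extracted' block.

    Layout assumed (it matches the report above): family name, then the
    botnet / campaign label, then one or more host:port C2 lines, then the
    literal 'auth_value' followed by a 32-hex-digit token.  Raises
    ValueError on a malformed C2 or auth_value instead of returning it.
    """
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if "Extracted" not in lines:
        raise ValueError("no 'Extracted' marker in config block")
    body = lines[lines.index("Extracted") + 1:]
    if len(body) < 2:
        raise ValueError("config block too short")
    family, botnet = body[0], body[1]
    c2 = []
    i = 2
    while i < len(body) and body[i] != "auth_value":
        m = C2_RE.match(body[i])
        if not m:
            raise ValueError(f"unexpected C2 line: {body[i]!r}")
        ip = ipaddress.ip_address(m.group(1))   # rejects octets > 255
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        c2.append((str(ip), port))
        i += 1
    auth = body[i + 1] if i + 1 < len(body) else ""
    if not AUTH_RE.match(auth):
        raise ValueError(f"auth_value is not 32 hex digits: {auth!r}")
    return {"family": family, "botnet": botnet, "c2": c2, "auth_value": auth}


# Constructed connection log (hypothetical format: ts src dst:port proto).
SAMPLE_LOG = """\
2022-11-16T09:12:01Z 10.0.0.15 198.51.100.7:443 tcp
2022-11-16T09:12:07Z 10.0.0.15 193.106.191.27:47242 tcp
2022-11-16T09:12:09Z 10.0.0.22 193.106.191.27:443 tcp
2022-11-16T09:13:44Z 10.0.0.15 193.106.191.27:47242 tcp
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+)$")


def match_connections(config, log_text, host_only=False):
    """Return (timestamp, src) for every line whose destination is a C2.

    With host_only=True the port is ignored: that catches a port change on
    the same host at the cost of more noise, so run it as a second rule.
    """
    targets = set(config["c2"])
    hosts = {ip for ip, _ in targets}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, _proto = m.groups()
        if (dst, int(port)) in targets or (host_only and dst in hosts):
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    cfg = parse_redline_config(REPORT_CONFIG)
    print(cfg)
    print(match_connections(cfg, SAMPLE_LOG))
```

The strict parse matters more than it looks: an extractor that mis-splits a line can hand you "auth_value" as a C2 host, and an indicator that never matches is worse than none because it looks like coverage.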
Targets

Target: file.exe (347KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system. On its own this is a weak indicator, since installers and inventory agents read the same keys; it is the combination with the extracted RedLine configuration above that makes the verdict conclusive.
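How a signature like "Checks installed software on the system" can be implemented, as an added example that is not the sandbox's own code: it reads an API trace, records for each process whether it opened an Uninstall key, whether it called RegEnumKey* on it, and which entries beneath it were opened or read, and fires only when the access looks like enumeration rather than a single lookup. The trace format (pid, API name, key path), the trace lines and the function names are constructed for this page; adapt the parser to whatever your sandbox emits.

```python
"""Signature for Uninstall-key enumeration over a process API trace.
Example code added for this page; the trace format and lines are constructed."""
import re
from collections import defaultdict

# Key paths that hold the per-program uninstall entries.  The WOW6432Node
# path is what 32-bit code sees on 64-bit Windows.
UNINSTALL_PATHS = (
    r"software\microsoft\windows\currentversion\uninstall",
    r"software\wow6432node\microsoft\windows\currentversion\uninstall",
)

# Constructed trace, one call per line: <pid> <api> <key path>.
SAMPLE_TRACE = r"""
1304 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1304 RegEnumKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
1304 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}
1304 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}\DisplayName
1304 RegOpenKeyExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
1304 RegQueryValueExW HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName
2212 RegOpenKeyExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
2212 RegQueryValueExW HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive
"""

TRACE_RE = re.compile(r"^(\d+) (Reg\w+) (.+)$")


def _uninstall_entry(path):
    """Map a full registry path to the Uninstall entry it touches.

    Returns None if the path is not under an Uninstall key, '' for the
    Uninstall key itself, otherwise the lowercased name of the entry subkey
    (the first component after the Uninstall key).
    """
    rest = path.partition("\\")[2].lower()     # drop the hive name
    for base in UNINSTALL_PATHS:
        if rest == base:
            return ""
        if rest.startswith(base + "\\"):
            return rest[len(base) + 1:].split("\\", 1)[0]
    return None


def summarize_uninstall_access(trace_text):
    """Per pid: opened the Uninstall key, called RegEnumKey* on it, and the
    set of entries under it that were opened or read."""
    summary = defaultdict(
        lambda: {"root": False, "enumerated": False, "entries": set()})
    for line in trace_text.splitlines():
        m = TRACE_RE.match(line.strip())
        if not m:
            continue
        pid, api, path = m.groups()
        entry = _uninstall_entry(path)
        if entry is None:
            continue
        s = summary[int(pid)]
        if entry == "":
            s["root"] = True
            if api.startswith("RegEnumKey"):
                s["enumerated"] = True
        else:
            s["entries"].add(entry)
    return dict(summary)


def flag_processes(trace_text, min_entries=2):
    """Fire for a process that opened an Uninstall key and then either
    enumerated its subkeys or touched at least min_entries distinct entries.
    A single entry lookup is what an installer checking for its own earlier
    version does, so it is deliberately not enough."""
    hits = []
    for pid, s in summarize_uninstall_access(trace_text).items():
        if s["root"] and (s["enumerated"] or len(s["entries"]) >= min_entries):
            hits.append(pid)
    return sorted(hits)


if __name__ == "__main__":
    print(summarize_uninstall_access(SAMPLE_TRACE))
    print(flag_processes(SAMPLE_TRACE))
```

The threshold is where the false positives live: inventory agents and some updaters legitimately walk the whole key, which is why the report text treats this signature as supporting evidence next to the config extraction rather than a verdict on its own.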