General
  Target: file.exe
  Size: 366KB
  Sample: 221116-h1hckshf36
  MD5: 7bc7ff57dcc8d9be40b37676bc222f56
  SHA1: 0fd788031ef1e7c74f86e0742132bc0be672d8e5
  SHA256: 8dc87ddb1bb5657792603d09bd41b705ee4f6917bea8aeba74ca0c9f9c17ad7e
  SHA512: ef0c9c4f0bfff5c08dd50f6c2aa9f30b7ac72f36df813cdc951eda5f3223c59452e753f3b0a038126529c03f51dd69e5204639c2c073dcc5a7a078220ac9717f
  SSDEEP: 6144:/WaHBLe0G5VdeTdQeeN9FLOlXNIOv29yY051RiFhHd0k05rkWLwyP:+ahC0G5ykIlSO2wREd0kq7
Tasks
  Static task: static1
  Behavioral task: behavioral1 (sample file.exe, resource win7-20220812-en)
Malware Config (extracted)
  Family: redline
  Botnet: neruz
  C2: 193.106.191.27:47242
  auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
  Target: file.exe (366KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
  Signatures:
    RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    Accesses cryptocurrency files/wallets, possible credential harvesting
    Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
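The "Checks installed software" signature above describes a registry sweep: the process opens each subkey under the Uninstall key and reads values such as DisplayName. The following is an added example, not part of the sandbox report and not code from the RedLine sample, showing how that behaviour can be detected from Procmon-style registry events. It parses CSV rows in Procmon's export layout (the rows below are constructed, not captured from this sample), counts how many distinct Uninstall entries each process queries inventory values from, and flags processes that exceed a threshold and are not on an allow-list. The threshold, the allow-listed images and the set of inventory value names are assumptions to tune per environment.

```python
"""Detect processes that sweep the Uninstall registry keys (software inventory).

Added example, not part of the sandbox report or of the RedLine sample: it reads
Procmon-style registry event rows (the sample rows below are constructed) and
flags any process that queries inventory values such as DisplayName under many
distinct Uninstall subkeys, the behaviour behind the "Checks installed software
on the system" signature. Allow-list and threshold are assumptions.
"""
import csv
import io
import re
from collections import defaultdict

# Uninstall roots on 32- and 64-bit Windows, per-machine (HKLM) and per-user (HKCU).
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall\\(?P<subkey>[^\\]+)(?:\\(?P<value>[^\\]+))?$",
    re.IGNORECASE,
)
# Values a software-inventory routine typically reads from each entry (assumed set).
INVENTORY_VALUES = {"displayname", "displayversion", "publisher", "installlocation"}
# Images that legitimately walk the hive (assumed allow-list, not from the report).
ALLOWED_IMAGES = {"msiexec.exe", "wmiprvse.exe", "explorer.exe"}
MIN_DISTINCT_SUBKEYS = 5  # assumed threshold


def parse_procmon_csv(text):
    """Yield (process, pid, operation, path) from a Procmon CSV export."""
    for row in csv.DictReader(io.StringIO(text)):
        yield row["Process Name"], int(row["PID"]), row["Operation"], row["Path"]


def find_uninstall_sweeps(rows, min_subkeys=MIN_DISTINCT_SUBKEYS):
    """Return {(image, pid): [subkeys]} for processes that read inventory values
    from at least min_subkeys distinct Uninstall entries and are not allow-listed."""
    touched = defaultdict(set)
    for image, pid, op, path in rows:
        if op != "RegQueryValue":
            continue
        m = UNINSTALL_RE.match(path)
        if m and (m.group("value") or "").lower() in INVENTORY_VALUES:
            touched[(image.lower(), pid)].add(m.group("subkey"))
    return {
        key: sorted(subkeys)
        for key, subkeys in touched.items()
        if len(subkeys) >= min_subkeys and key[0] not in ALLOWED_IMAGES
    }


def _entry(image, pid, subkey, value, root=r"HKLM\SOFTWARE"):
    """Build one constructed Procmon CSV row for the sample below."""
    path = "\\".join([root, "Microsoft", "Windows", "CurrentVersion", "Uninstall", subkey, value])
    return f'"12:00:00.0000000","{image}","{pid}","RegQueryValue","{path}","SUCCESS",""'


# Constructed sample: file.exe reads DisplayName from six entries (a sweep),
# msiexec.exe does the same but is allow-listed, notepad.exe touches one entry.
SAMPLE_ROWS = ['"Time of Day","Process Name","PID","Operation","Path","Result","Detail"']
SAMPLE_ROWS += [
    _entry("file.exe", 1234, f"{{0000000{i}-AAAA-BBBB-CCCC-DDDDDDDDDDDD}}", "DisplayName")
    for i in range(6)
]
SAMPLE_ROWS += [
    _entry("msiexec.exe", 777, f"App{i}", "DisplayVersion", r"HKLM\SOFTWARE\WOW6432Node")
    for i in range(6)
]
SAMPLE_ROWS.append(_entry("notepad.exe", 42, "Notepad++", "DisplayName", r"HKCU\SOFTWARE"))
SAMPLE_CSV = "\n".join(SAMPLE_ROWS) + "\n"


def scan_sample():
    """Run the detector over the constructed sample; flags only file.exe (pid 1234)."""
    return find_uninstall_sweeps(parse_procmon_csv(SAMPLE_CSV))


if __name__ == "__main__":
    for (image, pid), subkeys in scan_sample().items():
        print(f"{image} (pid {pid}) enumerated {len(subkeys)} Uninstall entries")
```

Procmon only records the sweep while it is running, so for retrospective hunting the same counting logic applies to any telemetry that captures registry reads per process; Sysmon does not log RegQueryValue, so an EDR registry-read feed or a sandbox trace like this report's is the realistic input.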