General
Target: file.exe
Size: 364KB
Sample: 221116-rwaavaff7y
MD5: bacb0791bbfeb85ed2f098996ddd4952
SHA1: d3e4267b1c22c2233b1ba27b364d93029602c261
SHA256: b039e9e4aef3cdcde1491fa430148b211a0e8760129c922356f6451e42e70e87
SHA512: 125e1efad43fc163b31c62e8c4eff118d863151c5d996ebab2649125b2b8e13929e41acc5a97af70f139ac87f7be90449376572bd84afd9087aa30211262fbdd
SSDEEP: 6144:UpzLRwKjFaBHcbyJFz8xjAVXRjmsCvNt8lg6mukKGl6JECnFEgXas:UJ9JFaNcbykAlRaseomu9GYn
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
neruz
193.106.191.27:47242
auth_value: 0169a8759f3c9be473f782b96a6ff704
Targets
Target: file.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory