General
-
Target
file.exe
-
Size
373KB
-
Sample
221116-yzdwrsgg21
-
MD5
d58baae2872d21408f52ba24377bdf79
-
SHA1
7f3414d6dcfa996e5a67ff73123511c26b4340f8
-
SHA256
27a2b288b767a0b2774af8be88c03b504db27638a56aed6e0ef5a9cb9c69a970
-
SHA512
9ac79d4dbadd6f532f092db320d4afc575ff7883c7e64edd21a40a2f85b383f8e8517dce32163252e65f64e4decb09378c80c0f8f15d59f02e51c1cb5de9200f
-
SSDEEP
6144:LhNL5gn04M8KbvtsU3e5lrcpisXRAIisaxgdfiPs3hsf6aqNXbqrQq2xGb:LDF204MyUcruAIFakiPEpaqpqrQq2A
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Targets
-
-
Target
file.exe
-
Size
373KB
-
MD5
d58baae2872d21408f52ba24377bdf79
-
SHA1
7f3414d6dcfa996e5a67ff73123511c26b4340f8
-
SHA256
27a2b288b767a0b2774af8be88c03b504db27638a56aed6e0ef5a9cb9c69a970
-
SHA512
9ac79d4dbadd6f532f092db320d4afc575ff7883c7e64edd21a40a2f85b383f8e8517dce32163252e65f64e4decb09378c80c0f8f15d59f02e51c1cb5de9200f
-
SSDEEP
6144:LhNL5gn04M8KbvtsU3e5lrcpisXRAIisaxgdfiPs3hsf6aqNXbqrQq2xGb:LDF204MyUcruAIFakiPEpaqpqrQq2A
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-