General
-
Target
file.exe
-
Size
372KB
-
Sample
221116-z8f8xsha3v
-
MD5
2f897ca5b422d15074a9f419717a2ab4
-
SHA1
40b854a7690e1fe7e7300c4c758c0d5b3d5be17f
-
SHA256
f2b9098c14311a5ee47a0630bbcb0c9bd513bc278630229b6de5fb02d7109947
-
SHA512
029342b389ffff5659e626cbb3f537c9587080c9a0b8806483412b940f7ad0a83b90a76c7ceacb40bd8d19668bdbf12941b40b7cd77e472c1adb156e0c8c681c
-
SSDEEP
6144:cH0IL6HlCsk8PKc1fOAjtUcVSqAk5e3bBUpXv7DIOB6VrGGqY+k2hSxGb:cHruFCskoOAjPSqAQqbB2zDIOgVrGuv
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
neruz
193.106.191.27:47242
-
auth_value
0169a8759f3c9be473f782b96a6ff704
Targets
-
-
Target
file.exe
-
Size
372KB
-
MD5
2f897ca5b422d15074a9f419717a2ab4
-
SHA1
40b854a7690e1fe7e7300c4c758c0d5b3d5be17f
-
SHA256
f2b9098c14311a5ee47a0630bbcb0c9bd513bc278630229b6de5fb02d7109947
-
SHA512
029342b389ffff5659e626cbb3f537c9587080c9a0b8806483412b940f7ad0a83b90a76c7ceacb40bd8d19668bdbf12941b40b7cd77e472c1adb156e0c8c681c
-
SSDEEP
6144:cH0IL6HlCsk8PKc1fOAjtUcVSqAk5e3bBUpXv7DIOB6VrGGqY+k2hSxGb:cHruFCskoOAjPSqAQqbB2zDIOgVrGuv
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-