General
Target: file
Size: 543KB
Sample: 221117-azzlgadd58
MD5: b31f6ab3a6d23de685661ac8cc639876
SHA1: f8879425aa286233874a91860983bee0989e6501
SHA256: ee4977a66fcaa514ea275ecd43bbf0fe9c91816941ed56d0e2b28366a1d6934c
SHA512: ef7a984f21f3a283f64b1cbc5fcca7302ad30e50adbeaacd52aa58abf254392454585c3723eecc653f0e1ceef718661f8b62646f959d7d518e5c1ac594900d16
SSDEEP: 12288:o2VvVW6VFlI0xWpSAmPKvzCP5f4F6uuKSdiQgSeTCry:lVvVWElpxWpWS7i5fHuqgSiCr
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20221111-en
Malware Config
Extracted
redline
huilo
193.106.191.27:47242
auth_value: d5c84207821bb2a40d836bae8ebb8d55
Targets
Target: file (543KB)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext