General
-
Target
file.exe
-
Size
483KB
-
Sample
221119-srwhyscd71
-
MD5
91e0e1506ae78aa35eb712c6df7e49b6
-
SHA1
ad3f92ea2cedade84df73b39d39b7fda29c64f33
-
SHA256
d7b731af07c7cd86b2d25c314ef0bff43e3c935daddc6d6d60a2efb8c3fa91c7
-
SHA512
1dede49f32e07150f59fadf68ec0e0135a7e3780ee0e9d8e0aa2b8166ed2459c37edd67c8cc92fbcce2792365051aa3bec6acd75d028367cb88c624c5793cf94
-
SSDEEP
6144:mAU2J4L1H24CvX1IMmzIg1Pg7lDuWqrgl5gz0rz656BYschVVPE+O1voXc:a2JGEK38kPau9rUKQyvDO
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
dozkey
193.106.191.30:47242
-
auth_value
6386fb6f33ca338f864abfc5f8fe1774
Targets
-
-
Target
file.exe
-
Size
483KB
-
MD5
91e0e1506ae78aa35eb712c6df7e49b6
-
SHA1
ad3f92ea2cedade84df73b39d39b7fda29c64f33
-
SHA256
d7b731af07c7cd86b2d25c314ef0bff43e3c935daddc6d6d60a2efb8c3fa91c7
-
SHA512
1dede49f32e07150f59fadf68ec0e0135a7e3780ee0e9d8e0aa2b8166ed2459c37edd67c8cc92fbcce2792365051aa3bec6acd75d028367cb88c624c5793cf94
-
SSDEEP
6144:mAU2J4L1H24CvX1IMmzIg1Pg7lDuWqrgl5gz0rz656BYschVVPE+O1voXc:a2JGEK38kPau9rUKQyvDO
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-