General
-
Target
file.exe
-
Size
329KB
-
Sample
221121-j4zlpsah87
-
MD5
5d0cc8f91951c3ee8feb0a84362a7d08
-
SHA1
29f76338287d37482c38bb0afb17c8bf50ac6fe2
-
SHA256
f29190f00b2eb1f1452fb444e4668e8eeb23a7f29b97d3824e9ed688e8c8135f
-
SHA512
e97e734e3b22e51bb645bc6fa82fefb2fd162d79864b4cffd899bfee70c1208edac0ed6238b01d056efe133196188d214e2b0f053be94d46bd0cd931a225b392
-
SSDEEP
6144:gKAtFDWraYjM74hoahhPs+Kd35MiNf81lyvVLkhOrS6QkbFew:gKU5xY4Eh7sp/tfJvJkIFQ8w
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20221111-en
Malware Config
Extracted
redline
dozkey
193.106.191.30:47242
-
auth_value
6386fb6f33ca338f864abfc5f8fe1774
Targets
-
-
Target
file.exe
-
Size
329KB
-
MD5
5d0cc8f91951c3ee8feb0a84362a7d08
-
SHA1
29f76338287d37482c38bb0afb17c8bf50ac6fe2
-
SHA256
f29190f00b2eb1f1452fb444e4668e8eeb23a7f29b97d3824e9ed688e8c8135f
-
SHA512
e97e734e3b22e51bb645bc6fa82fefb2fd162d79864b4cffd899bfee70c1208edac0ed6238b01d056efe133196188d214e2b0f053be94d46bd0cd931a225b392
-
SSDEEP
6144:gKAtFDWraYjM74hoahhPs+Kd35MiNf81lyvVLkhOrS6QkbFew:gKU5xY4Eh7sp/tfJvJkIFQ8w
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-