General
Target: fe105a23e4bee42b0401669d6ce9d34dbc7816a6cbef7c7108e11adc3c339257
Size: 137KB
Sample: 221125-eel7vsaa26
MD5: 9299834655f07e6896b1ff0b9e92c7b4
SHA1: acba1e9262b4aebf020758e30326afdc99c714ad
SHA256: fe105a23e4bee42b0401669d6ce9d34dbc7816a6cbef7c7108e11adc3c339257
SHA512: 7ab23ac1eedb82044946bb9e6afb308580d434be45f3ebd18c5fc90cd98281738e4f50e75a3506315785e60d93e90cc4facc285fe7760985dfe0fd47771bc650
SSDEEP: 3072:HYO/ZMTFNx+2I3rG1yV23fj8KLBWFtyRxvhMSS86W:HYMZMBNxFISMV+hjvha
Behavioral task: behavioral1
Sample: fe105a23e4bee42b0401669d6ce9d34dbc7816a6cbef7c7108e11adc3c339257.exe
Resource: win7-20221111-en

Malware Config
Extracted
Family: redline
Botnet: pops
C2: 31.41.244.14:4694
auth_value: c377eb074ac3f12f85b0ff38d543b16d
Targets
Target: fe105a23e4bee42b0401669d6ce9d34dbc7816a6cbef7c7108e11adc3c339257
Size: 137KB
MD5: 9299834655f07e6896b1ff0b9e92c7b4
SHA1: acba1e9262b4aebf020758e30326afdc99c714ad
SHA256: fe105a23e4bee42b0401669d6ce9d34dbc7816a6cbef7c7108e11adc3c339257
SHA512: 7ab23ac1eedb82044946bb9e6afb308580d434be45f3ebd18c5fc90cd98281738e4f50e75a3506315785e60d93e90cc4facc285fe7760985dfe0fd47771bc650
SSDEEP: 3072:HYO/ZMTFNx+2I3rG1yV23fj8KLBWFtyRxvhMSS86W:HYMZMBNxFISMV+hjvha

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.