General
Target: 60f595f639e14976c97c5448e03a32c9fca980eabc3796afa0b97c84c35f067c
Size: 385KB
Sample: 221128-xxtnrsab26
MD5: ec6dddac0acdd89e00127c8273842054
SHA1: de4e8c38b79f1c17fa15e4d08e1b5377629f4d7a
SHA256: 60f595f639e14976c97c5448e03a32c9fca980eabc3796afa0b97c84c35f067c
SHA512: 85ef01ff1a295c6bed21fc2aa8290fb1d3a6fb0a8ebee3ab2f8fe1f5bebb62799b3b12db8fa061701b4772b3e02bca7d726a6f8bbd90cd7b060c738f2fa0d867
SSDEEP: 6144:PvFOkNl2WlcZXRK4BcblFW5caYfxUjoBUp/ykXPd4oVFvg4/FQF:1rNl8FLavpXkXPKoDgSm
Static task: static1
Behavioral task: behavioral1
Sample: 60f595f639e14976c97c5448e03a32c9fca980eabc3796afa0b97c84c35f067c.exe
Resource: win10-20220901-en
Malware Config
Extracted: redline
NewDef2023
185.106.92.214:2510
auth_value: 048f34b18865578890538db10b2e9edf
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.