General
-
Target
97c69706878f332685549621f2070ead.exe
-
Size
276KB
-
Sample
221129-nte7jahf6t
-
MD5
97c69706878f332685549621f2070ead
-
SHA1
c3bf254b3cebcb1c4a4b501384d01b92a4f966b6
-
SHA256
abb25e7ae94fe450924d8f606006f4e0d8d54e7ee23c32b8e4d4efee0192955e
-
SHA512
1881763a19a97ecb486362d3be3506430ef5c1e72313d07d958e3cffa777cce4aaa5b7e33b742d49b36bafa8dfe88b4b51397eeb873cd86033475bbfb39bcf40
-
SSDEEP
6144:HlD2TdTAMhCjY32MOZ0Ux0YTXzlhwyHvWxN:HlDubC0mL1TX1U
Static task
static1
Behavioral task
behavioral1
Sample
97c69706878f332685549621f2070ead.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
NewDef2023
185.106.92.214:2510
-
auth_value
048f34b18865578890538db10b2e9edf
Targets
-
-
Target
97c69706878f332685549621f2070ead.exe
-
Size
276KB
-
MD5
97c69706878f332685549621f2070ead
-
SHA1
c3bf254b3cebcb1c4a4b501384d01b92a4f966b6
-
SHA256
abb25e7ae94fe450924d8f606006f4e0d8d54e7ee23c32b8e4d4efee0192955e
-
SHA512
1881763a19a97ecb486362d3be3506430ef5c1e72313d07d958e3cffa777cce4aaa5b7e33b742d49b36bafa8dfe88b4b51397eeb873cd86033475bbfb39bcf40
-
SSDEEP
6144:HlD2TdTAMhCjY32MOZ0Ux0YTXzlhwyHvWxN:HlDubC0mL1TX1U
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-