General
- Target: 7776016bbea5b4c7e67f9bda2d6493444cf785b9115ce.exe
- Size: 297KB
- Sample: 221129-y4zc9scg66
- MD5: db0eb86ca71632c262136c286b22d7b0
- SHA1: f6c27bbc17b2e9d8197a38216faf3bafd15a3526
- SHA256: 7776016bbea5b4c7e67f9bda2d6493444cf785b9115cee0ee905e865177ecb69
- SHA512: 12bc96489e2098842d406fbbcfbd7f3b6e401a7cebb83f5e1580e668fd7260a980c175444a8f3efadabfe82e27bebadbfb89568de2b2f49172da00adc7b1bde5
- SSDEEP: 6144:QsjPWM7wEAm+ANAi1HDHAE9n68XJHnJpcUlGO2D:Q4FlXDHAEJJJHoUw
Static task: static1
Behavioral task: behavioral1
- Sample: 7776016bbea5b4c7e67f9bda2d6493444cf785b9115ce.exe
- Resource: win7-20221111-en
Malware Config
- Extracted: redline
- shatest1
- 91.227.41.144:13353
- auth_value: f0173af8427ca8dff617fff528514579
Targets
- Target: 7776016bbea5b4c7e67f9bda2d6493444cf785b9115ce.exe (size and hashes as listed under General)
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.