General
-
Target
e5f30ea748c6084e529e5d68149c0ed769261fafe77c8950a04849f414403fe8
-
Size
315KB
-
Sample
221130-y1k2gaee61
-
MD5
be277b631efdc0f5d847370b8a5b3175
-
SHA1
d10abbf1eab65da9947775d998220b47012e39d5
-
SHA256
e5f30ea748c6084e529e5d68149c0ed769261fafe77c8950a04849f414403fe8
-
SHA512
60c7714b5e054e3999504fe3b6ee0e4caab53e74863a4f242b680291d9f621e818081cf6ebcc7791ebdee0b6703259242b4cf4b6468c9573e0116a1864643d27
-
SSDEEP
6144:QMlRT/ZCPS0zqBdkBJVYTgRolOM9Yx3k//ATd4hE+MoB7GWO:QMzraLmBmBqFOMix3G4p4hERO7c
Static task
static1
Behavioral task
behavioral1
Sample
e5f30ea748c6084e529e5d68149c0ed769261fafe77c8950a04849f414403fe8.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
NewDef2023
185.106.92.214:2510
-
auth_value
048f34b18865578890538db10b2e9edf
Targets
-
-
Target
e5f30ea748c6084e529e5d68149c0ed769261fafe77c8950a04849f414403fe8
-
Size
315KB
-
MD5
be277b631efdc0f5d847370b8a5b3175
-
SHA1
d10abbf1eab65da9947775d998220b47012e39d5
-
SHA256
e5f30ea748c6084e529e5d68149c0ed769261fafe77c8950a04849f414403fe8
-
SHA512
60c7714b5e054e3999504fe3b6ee0e4caab53e74863a4f242b680291d9f621e818081cf6ebcc7791ebdee0b6703259242b4cf4b6468c9573e0116a1864643d27
-
SSDEEP
6144:QMlRT/ZCPS0zqBdkBJVYTgRolOM9Yx3k//ATd4hE+MoB7GWO:QMzraLmBmBqFOMix3G4p4hERO7c
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-