General
Target: 8501089069.zip
Size: 394KB
Sample: 221202-tt5p3shc6z
MD5: a408482e79be9ff23f313921d9dfba87
SHA1: 218f6a4d07538d9a261adcfc70655049932badfc
SHA256: 7a6989089d0e01b76bdadc7eab6f8a239cb5e975e10a12c7da0ca8edf71feb20
SHA512: 96b9d310bea43e55b2ef64e19baa0fabc328e5a192bcbf3c5e2d3357c4691d3de26967000aec993e8c23759661710f9af69c4a0e5e22f07575c2c4417bb21688
SSDEEP: 6144:eoctl/H4fSX0Josg+MroeH4veKzBGTfEVOZYWoOK+9dfG6jf+TY6kwc:ell/HXOMr7H+kMG2OK+9deuIc

Static task: static1
Behavioral task: behavioral1
Sample: 1ae7f3ef7ddba01698382138f378afa8b0f6b35d0555ed56743111d8fdc1692b.exe
Resource: win7-20220901-en

Malware Config
Extracted: redline
tool
103.114.107.17:26752
auth_value: e81978c9a6b5e777f7865005428e6018

Targets
Target: 1ae7f3ef7ddba01698382138f378afa8b0f6b35d0555ed56743111d8fdc1692b
Size: 446KB
MD5: 0e62ca7f0c7ba8f7d595902c355feeeb
SHA1: b7a971a139745725c2d4a668ebad97948d86b180
SHA256: 1ae7f3ef7ddba01698382138f378afa8b0f6b35d0555ed56743111d8fdc1692b
SHA512: 534b3bf794dba5dbda7a4804b9b300257e07847a0a638570301e6b6d9e35e5e4cb49ac2ab5a7696acef3a8a686e74090178af9487594775c50db08342d8ef09b
SSDEEP: 12288:bMVpAsQcyuGRKcD8FvLdvbvhtFKty5dFZ3dcl9:2pAs9yHD85vb5jKtOdFZe

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.