General
Target: tmp
Size: 137KB
Sample: 221203-fg1npsfc72
MD5: 95f87c3bbcfa9a231f2cec0db2d77662
SHA1: 24ef6df0be4c0a48ff861971c0f583f58e81f180
SHA256: 819dfffdbfe373432e042591499367839cc4a2a9f195571e2926aa2a0d152ecd
SHA512: 1396f52d2c43b1518b278804d62fd00c77ae2ce4a5aae8054ad12cffa7a7dfadfcc779b1685fcb96964f2d29c2a66226714a49c03fc15756f1b4c3c28919cf09
SSDEEP: 3072:5YO/ZMTFx9+Co4TVGS91dxGh/iWFxyRXchVSSwu:5YMZMBx9Zouvc/iXBch
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: tmp.exe
Resource: win10v2004-20220812-en
Malware Config
Extracted: redline
1
79.137.196.94:48705
auth_value: 6a4b05ef943a0dd801fd01dfbb9eb717
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.