General
Target: f3cf62907da44c4e0fa28d0e246a56f6f35aaeb14b3cdd31e01a6642f2d00726
Size: 303KB
Sample: 221204-eh47vaea92
MD5: 9c6bea89dec7ee98ba202626257aa7b9
SHA1: 19da8e8db6a2894547f7aa8561d370c4337eeedb
SHA256: 5094ece632512c982949a4f9143b108a8abfa8a3db8cb0e6e97990d589bcf56f
SHA512: 10434c0209692d230573c5beb4acd1a253278a4a98e4670bcd697ae64e4b39eb206d2f53ead57171a20bbd354f0974dbb1105580f0927afc5b843cb39d2117cd
SSDEEP: 6144:xU2EZbaIl5lWjaQna5jN+fglOBo4cC8iyFVD9v15A+7UHfpsMQjo3LD:xRcdvlWjHnt04R8iyFVpvP+Hfpao3LD
Static task: static1
Behavioral task: behavioral1
Sample: f3cf62907da44c4e0fa28d0e246a56f6f35aaeb14b3cdd31e01a6642f2d00726.exe
Resource: win7-20220901-en
Malware Config
Extracted
redline
NewDef2023
185.106.92.214:2510
auth_value: 048f34b18865578890538db10b2e9edf
Targets
Target: f3cf62907da44c4e0fa28d0e246a56f6f35aaeb14b3cdd31e01a6642f2d00726
Size: 459KB
MD5: 87f4e43658c1e006f3229d9afd2ee660
SHA1: 4745997874d879ca66a9e4672b84896a6da0927f
SHA256: f3cf62907da44c4e0fa28d0e246a56f6f35aaeb14b3cdd31e01a6642f2d00726
SHA512: 33d55240ba9e48e56e743859194abe9b22f9cf1664d9657a635e8a0de38641ffb2bdf9ea7e6ab1bbafc49e3602132f4ca641b93e64c3537310a69c251b8017c1
SSDEEP: 6144:XZzIcVLLAMjOKRjvi/aQna5fN+fglyBo4cC8IyFVD9v15a+7UHfXGuRjMgUW:XVpVNjO7/Hnnu4R8IyFVpvPMHfRQg

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.