General
Target: 198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87
Size: 303KB
Sample: 221204-vxtbwsac88
MD5: c8dc4f98b599cc997074420669eb9f63
SHA1: 307c204d6b4f5d3246022d00c247f980c302afaa
SHA256: de948a8945a497fe9dbdd1e31e7936c622f73087b38f42ead56d0c0077f4a7ed
SHA512: 5b23ea4e8e534628438e9c0e340aadcb93f7dd220f8fe441f6489b738c17c904a18a770c9da5b1e8f8828da8e8df9b3c246abb290e5a4d4f3c825ca4016ca100
SSDEEP: 6144:31g4XxgShJePvfR4lkiyEw/LLwEnlST1RbqUhDU7oUDyhIsro6+QxYCpyxr:C4eQAPv9d1DLw/XWUhw/Dyrx7Ur

Static task: static1
Behavioral task: behavioral1
Sample: 198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87.exe
Resource: win7-20221111-en

Malware Config
Extracted
redline
NewDef2023
185.106.92.214:2510
auth_value: 048f34b18865578890538db10b2e9edf

Targets
Target: 198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87
Size: 459KB
MD5: b0a20a2f6a79f9773374de2933842093
SHA1: 21a95d3952dceb1bc16292a7dac158bca3197346
SHA256: 198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87
SHA512: e8307dcb4c63e33851513017e6b11e244bbe1a61953243afb42ba6dafb83ee53f0120eec32fcb3d32ea51133d5d4824503261eaa34721d5a3796a51e98e6c936
SSDEEP: 6144:sTdmIxLcApQzpPBfePvfR4lkiyKw/LLwEnzST11bqUhD07oUDyhOYuRjMgU:ssmZQzKPv9dHDLwzXWUh4/DyARQg

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.