General
Target: d6dfa354ae7f94da16a5cfe204937c6e.exe
Size: 25KB
Sample: 221206-xbrbhsda87
MD5: d6dfa354ae7f94da16a5cfe204937c6e
SHA1: 7ab3d9fa5b90c32f6d0303e9cb05dda28b356e6f
SHA256: 6e3656810664d0e6a74f09a5fd3371e498fba1845d80324e15f9dee88a680948
SHA512: 3850df48370bbb921f2376f9659614fd494a186ad084e79d653cce43d26c1fe1e6979129538358d5b97e2f5bdedba0a3f6d1c38c4b06abac9d31a88357999431
SSDEEP: 192:2pNkxGLU2mkJ29bjf++HQ8mdi5JWv14UgLaDyuHnhWgN7asWrfsQlmqnaj8yikA:hxGLU2mkJ29O+HsgGc4HRN7E6loyNA
Static task: static1
Behavioral task: behavioral1
  Sample: d6dfa354ae7f94da16a5cfe204937c6e.exe
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d6dfa354ae7f94da16a5cfe204937c6e.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted family: redline
Botnet ID: gads
C2: 185.238.171.5:14444
auth_value: da6b2d49d41dfa428b9b0ade28cb316e
Targets
Target: d6dfa354ae7f94da16a5cfe204937c6e.exe (25KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate software on the system.
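The hashes, C2 socket and the Uninstall-key behaviour above are the parts of this report a responder can actually sweep for. The following is an added example, not part of the sandbox report and not RedLine's or any vendor's code: it carries the report's indicators as constants, recomputes the four listed digests over in-memory bytes, and correlates C2 connections with Uninstall-key access per process over a handful of constructed telemetry lines. The log format (`proc=`, `conn=src->dst`, `reg=key`) and every log line are made up for the example; real EDR, Sysmon or Zeek output needs its own field parsing.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "d6dfa354ae7f94da16a5cfe204937c6e",
    "sha1": "7ab3d9fa5b90c32f6d0303e9cb05dda28b356e6f",
    "sha256": "6e3656810664d0e6a74f09a5fd3371e498fba1845d80324e15f9dee88a680948",
    "sha512": "3850df48370bbb921f2376f9659614fd494a186ad084e79d653cce43d26c1fe1e6979129538358d5b97e2f5bdedba0a3f6d1c38c4b06abac9d31a88357999431",
}
C2_HOST = "185.238.171.5"
C2_PORT = 14444

# Constructed telemetry for the example; the field layout is invented, not a real product's format.
CONSTRUCTED_LOG = [
    "2022-12-06T10:12:01Z host=WS-017 proc=svchost.exe conn=10.0.0.21:50112->93.184.216.34:443",
    "2022-12-06T10:12:04Z host=WS-017 proc=d6dfa354ae7f94da16a5cfe204937c6e.exe reg=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "2022-12-06T10:12:04Z host=WS-017 proc=d6dfa354ae7f94da16a5cfe204937c6e.exe reg=HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++",
    "2022-12-06T10:12:05Z host=WS-017 proc=d6dfa354ae7f94da16a5cfe204937c6e.exe conn=10.0.0.21:50113->185.238.171.5:14444",
    "2022-12-06T10:12:07Z host=WS-022 proc=chrome.exe conn=10.0.0.44:50220->185.238.171.50:14444",
    "2022-12-06T10:12:09Z host=WS-022 proc=msiexec.exe reg=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{GUID}",
]

PROC_RE = re.compile(r"proc=(?P<proc>\S+)")
CONN_RE = re.compile(r"conn=(?P<src>\S+)->(?P<dst>\S+)")
REG_RE = re.compile(r"reg=(?P<key>.+)$")
# Match the Uninstall key itself or any subkey under it, regardless of case.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, over bytes already in memory."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest equals the report's value (one SHA-256 match would already be conclusive)."""
    return hash_bytes(data) == SAMPLE_HASHES


def is_c2(endpoint: str) -> bool:
    """Exact host:port comparison; a prefix/substring match would also hit 185.238.171.50."""
    host, _, port = endpoint.rpartition(":")
    return host == C2_HOST and port.isdigit() and int(port) == C2_PORT


def correlate(lines) -> dict:
    """Map each process name to the set of report indicators it triggered ('c2', 'uninstall_enum')."""
    findings: dict[str, set[str]] = {}
    for line in lines:
        pm = PROC_RE.search(line)
        if not pm:
            continue
        proc = pm.group("proc")
        cm = CONN_RE.search(line)
        if cm and is_c2(cm.group("dst")):
            findings.setdefault(proc, set()).add("c2")
        rm = REG_RE.search(line)
        if rm and UNINSTALL_RE.search(rm.group("key")):
            findings.setdefault(proc, set()).add("uninstall_enum")
    return findings


def suspects(lines) -> list:
    """Processes that reached the C2; Uninstall-key reads alone are too noisy to page on."""
    return sorted(proc for proc, inds in correlate(lines).items() if "c2" in inds)


if __name__ == "__main__":
    for proc, inds in correlate(CONSTRUCTED_LOG).items():
        print(f"{proc}: {', '.join(sorted(inds))}")
    print("suspects:", suspects(CONSTRUCTED_LOG))
```

Two design points worth carrying into a real sweep: the Uninstall-key signature fires on legitimate installers (msiexec.exe in the constructed lines), so it is used here only as supporting context for a process that also touched the C2 socket; and the extracted auth_value is not matched on the wire, because it travels inside the bot's request body rather than in connection metadata, so it belongs in a payload-inspecting rule, not in a flow-level check.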