General
-
Target
4743bad8f6939aa7645a043208010c2a9e75fbbcbbc8ca597a0c2a74ce7b6cc0
-
Size
50KB
-
Sample
221207-cvndraac7v
-
MD5
d30af611ef85f34e304d07bf44d9c9e9
-
SHA1
fdc043ffbe428d1b4b0355f6f26d918334e551c0
-
SHA256
748a7948e4aa62ba39ddc5f3a8c880618d460ff9431e457f44b8557117e5f0d3
-
SHA512
9840da05af4bcc919da606e5ce30d1349e4ef71e5940ff95bfb1713b355401f45ff668da9c310166ffb3d8eec75b4c25fb131df3edef6906e5e184258987b1ac
-
SSDEEP
1536:ebVm+X8UjvB/7lEMBLtXozgTQvS5rssdDV7Y8lOQ/G:eRm+8UjBTlECto7S5Qs7Y8oL
Behavioral task
behavioral1
Sample
4743bad8f6939aa7645a043208010c2a9e75fbbcbbc8ca597a0c2a74ce7b6cc0.exe
Resource
win7-20220812-en
Malware Config
Extracted
redline
wosh
31.41.244.14:4683
-
auth_value
f0ec85e2aaa9e62929e2fb9e09d843f4
Targets
-
-
Target
4743bad8f6939aa7645a043208010c2a9e75fbbcbbc8ca597a0c2a74ce7b6cc0
-
Size
175KB
-
MD5
3b6246132b7fb972ed877b79d700e32e
-
SHA1
af68ac119ccce9c7be5aeefa1e86102ee4019ebb
-
SHA256
4743bad8f6939aa7645a043208010c2a9e75fbbcbbc8ca597a0c2a74ce7b6cc0
-
SHA512
03573c63e3d03d89d2a2971d761d33e8d89895680ae8b7e5ceb3a78c8582666f8a300aad4c6c4a7c1cd118ac774ffce03053c96a57df9e66a02773111dbcfcca
-
SSDEEP
3072:hxqZWBJaHEDgX1Ifef5FchQTxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+cj:TqZV1Iech
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-