General
Target: Setup.exe
Size: 285KB
Sample: 221207-jnprkabd9x
MD5: 5cfa19fc5811fcaafd26de313f6a67d0
SHA1: 218b91b62ad4a5c42341d9fcf3ddffd561c7c5fb
SHA256: 320c3ab3a11d62f65a3922d89492b8bb40ca01388f00fe6b33e4b7ed5f359de7
SHA512: 97f4d53a06fa71b19d73e4caf2e6776d6c497d3a8a2ed47c316bb36903c3c9c9b43b027f814171b421a837c63afc520391478e43ad220db7145e089d8ac8d1a2
SSDEEP: 6144:y/qXUwga+F02VoLSBNiAQ3/MOXJeg9K4VcpwU9/PZisBJeZx:6qXUta+KLU+/JZeg0siPvBJeZx
Static task: static1
Behavioral task: behavioral1
Sample: Setup.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: redline
Botnet: Youtube
C2: 94.130.25.22:7996
auth_value: 6813bf51368103ee00321290e8b3d6d5
Targets
Target: Setup.exe
Size: 285KB
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.