General
-
Target
1352-57-0x000000000E840000-0x000000000E878000-memory.dmp
-
Size
224KB
-
Sample
221209-1p1c5ahc8t
-
MD5
115e96a6f7f7ed611c47aeedc7fd91ca
-
SHA1
f48b802b4eb36836cb45aa5084307ba9a2ecab6b
-
SHA256
9cdecc74f98b1e58cf5dbf031af632854de13ae80226c462f18517bf1774d841
-
SHA512
a11a0d736ae62ca9100c68df033038cac0dff906ed5bca1c2534243c6dcafbfc95990e19660872efd170145904d526cd8c4c26cecf1a5c9a09d5f3e577f93e04
-
SSDEEP
3072:a6V+goBZUQMFACYAOXABQ6/q64IxqA4M9krzpiui:a6V+dUlXLOz
Behavioral task
behavioral1
Sample
1352-57-0x000000000E840000-0x000000000E878000-memory.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
1352-57-0x000000000E840000-0x000000000E878000-memory.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
Youtube
94.130.25.22:7996
-
auth_value
6813bf51368103ee00321290e8b3d6d5
Targets
Target
1352-57-0x000000000E840000-0x000000000E878000-memory.dmp
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-