General
Target: SоftwаreSetuрFile.zip
Size: 1.9MB
Sample: 221216-z67m4aff84
MD5: 7aa9a4468b555a01f30ec483fc527e29
SHA1: 1e57f0701f5d1d3bf0afcef62d2d42c29a0847c9
SHA256: 149d6447f98bf0878e9785b95eb1abf33cfddfd51acb72c4a8631fc47a69b17c
SHA512: dd0a29532a81bea5f8e524df16c544531b75217724ae8932eeddd1746b8e9ad852f5b9d48aae20e3b1e257e3e687287dc31be15f37e7a17332fc91f6d81a7763
SSDEEP: 24576:vb9E3QZNjPQPsch/B/xe6MjFDG25nIttq2:T9qQv4hZ5eVjFPyR
Static task: static1
Behavioral task: behavioral1
Sample: SoftwareSetupFile/SoftwareSetuрFile.exe
Resource: win7-20220812-en
Malware Config
Extracted: redline
meta: 82.115.223.140:81
auth_value: a02dca5ba216d6fee3c0f01f2a9020ab
Targets
Target: SoftwareSetupFile/SoftwareSetuрFile.exe
Size: 746.8MB
MD5: e02683a72b6cf1ad42c09ce95dc56b1c
SHA1: 8d6e1eb57ef2aa3d0519d1e66b12914eeefd5d5b
SHA256: 7757efbff82fd5d283c43bee701148d3dc3a3f86795f8dc5e7c892731041c871
SHA512: 543e06fe105807158796184b5a23980d9604eb143b79056de26aa347aec3496bd9409223ce2d365e19fd4f454859d9232053f90566e303285f1425f9629bda44
SSDEEP: 12288:/KHek0TjkkEEEjkP9NjqxA/k4gb6JOnLqOYet3:SKMcP9YlnGOYE3
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.