General
- Target: Refund file.exe
- Size: 335KB
- Sample: 221230-w26y8abd7w
- MD5: 61b09a0ff2525d451b918443f18c55b7
- SHA1: 8daa2e1988bb6f2f2c6d911fdc6640bd2274c29d
- SHA256: c1b69cdf0cc6c958db4748f46ddd936e070bccbf0bc6e66cafdc6e9badb201e8
- SHA512: 96cfc037d57510dd3e1e6ffb7d487b3e271c2d6a2180706ea33b8206c591509aa3988b2fa3b2b0e898de317e4856f90d4c541c00cf7f5ad631d0aed70319f113
- SSDEEP: 6144:PejRYPoo9tX+xMqTPbpoxaGd4WIDvB3HxhuAiIAgxk4SOdQCvU/:qRYAHTmDIDvB3HxhuAiIAgxk4SOdQCvQ
Behavioral task
- behavioral1
  - Sample: Refund file.exe
  - Resource: win7-20221111-en
Malware Config
- Extracted: redline
  - test1
  - 104.167.223.17:33454
  - auth_value: 24b58ec888d29c1b53e37284c0057d42
RedLine
- RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.