General

Target: 4a868a96665651699d4b9544b28d395a789ef3cfa6cb0400a9cff71bf5a0cb7d
Size: 306KB
Sample: 230103-17yx1sda87
MD5: 3ea13f80110dd61a815da6e24b788766
SHA1: bfa63542bbc53590e5347df0a1268c6cae89ff22
SHA256: 4a868a96665651699d4b9544b28d395a789ef3cfa6cb0400a9cff71bf5a0cb7d
SHA512: 832dcaf554c9a1641bde546b7972521dea4878aee728cc402b3ada32a69635784e0b8716b009a14bb125e687ecf86221e8346415b9c2cb705a12434092449114
SSDEEP: 6144:QLObod1V9+tL7GlXWknanLONFZT/yCct3AbH5sb:QCbKT9+d7QXWzaxq/3qH
Static task: static1
Behavioral task: behavioral1
Sample: 4a868a96665651699d4b9544b28d395a789ef3cfa6cb0400a9cff71bf5a0cb7d.exe
Resource: win7-20221111-en
Malware Config

Extracted: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets

Target: 4a868a96665651699d4b9544b28d395a789ef3cfa6cb0400a9cff71bf5a0cb7d (306KB; hashes as listed under General)
Signatures

RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.