General
Target: 7f506fc1ce726c7fff6ee29e31be136e166ab1c220a3cdc045ed3524d753a82a
Size: 359KB
Sample: 230103-18a8cada94
MD5: eb99e15c482fa940141db76c412068de
SHA1: 9f6a34d575238f5acfde74621ed40ac81b85c7e6
SHA256: 7f506fc1ce726c7fff6ee29e31be136e166ab1c220a3cdc045ed3524d753a82a
SHA512: 19168ebe072bac1abec25fa25bd1f4150eb01f3122d77b30fa454409707ad135faf5e855186b62cf7ec4a131447023e44ef7c7ff3890cf0716923878e963dc6b
SSDEEP: 6144:zuLlD3QcWJnikayXP0bo8FIEbA6pYJFQ0MeQPlnFQUZY:zuxD3QcWJntx0brIEbA6OFIlnF
Static task: static1
Behavioral task: behavioral1
Sample: 7f506fc1ce726c7fff6ee29e31be136e166ab1c220a3cdc045ed3524d753a82a.exe
Resource: win7-20221111-en
Malware Config
Extracted
redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: 7f506fc1ce726c7fff6ee29e31be136e166ab1c220a3cdc045ed3524d753a82a
Size: 359KB
MD5: eb99e15c482fa940141db76c412068de
SHA1: 9f6a34d575238f5acfde74621ed40ac81b85c7e6
SHA256: 7f506fc1ce726c7fff6ee29e31be136e166ab1c220a3cdc045ed3524d753a82a
SHA512: 19168ebe072bac1abec25fa25bd1f4150eb01f3122d77b30fa454409707ad135faf5e855186b62cf7ec4a131447023e44ef7c7ff3890cf0716923878e963dc6b
SSDEEP: 6144:zuLlD3QcWJnikayXP0bo8FIEbA6pYJFQ0MeQPlnFQUZY:zuxD3QcWJntx0brIEbA6OFIlnF
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.