General
Target: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
Size: 329KB
Sample: 230104-t6z1csgh46
MD5: f8712f4ad269a97ad6b9091440f1f4d9
SHA1: e3d211456ba12c8f39ef399365edc776618108d6
SHA256: 195400fdb053f588f27d4a4c70c302ec00c15056902cab226a59264eb47c5bcb
SHA512: 45fa3cf0006a12568820fcd756fa5372147171ba435edb2842d903e3ea2b88ec497f21dff0a0aebae6e89b2ba0d7f3d39ae8a2a6584b5807a2563493e116d871
SSDEEP: 6144:5Ns9DHNm9lF2H1Q1uGZFwAdg7qwt1DFcx9gmYqs/hX8xkp1uC3p:5Ns9sB2qxvbsygX8xkp1uC3p
Static task: static1
Behavioral task: behavioral1
Sample: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08.exe
Resource: win7-20221111-en
Malware Config
Extracted: redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
Size: 466KB
MD5: 4de6e8bf3ffc4d32a51e778561e05a6e
SHA1: aa25cc6b33971f964f9ce13970720625d6ec6856
SHA256: dc4753d7f1d8e4a766e8c86591211f8f691f709589bf0842d0f5a2d06152ac08
SHA512: 17e00b066e82a2be0a46ea4d7995c03a6c15b96b182f2667fc4dbe4bb0f839fc710e2bee306e9fe0daaf5cfa3b1bfc40755bddbf9f0950a87738bdf1de22828e
SSDEEP: 6144:clsLB1B3EtoZFwAtg7qwt1DFcx9g6YMSsDwaIoxupmL7wjT:cSzBbvPeyysVIoxupmL7
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.