General
Target: 32fbf5eaa7c521ba863db82d2a7668fffd9382da54f52493d9a9758efe2b6c59
Size: 328KB
Sample: 230104-w5aeesce41
MD5: 557c5322568e673d80e7f525e69be45a
SHA1: 89c9d9700e3633cba08ff8c91b8dffbafba7fd21
SHA256: b6da8e64452fb0470c201dde76b04c111b89170665fbfb00868297904ca785b0
SHA512: cf8a7e69cbc964b00e2dd266823358bc06059c112e4e25167e53d8ef1ce5ce3c629d4958b781180b13769a56ca3cfce676f56fd833ba358b4c477e205c37b649
SSDEEP: 6144:YGQbExeQIBayefsXF07aE6dkUr58oZacpoOOk2B6t3EDizh7UUhmkFXjroJap2TO:YFYsQAGsXsavfrR5n2B6FEDOh7UUhmN8
Static task: static1
Behavioral task: behavioral1
Sample: 32fbf5eaa7c521ba863db82d2a7668fffd9382da54f52493d9a9758efe2b6c59.exe
Resource: win7-20221111-en
Malware Config
Extracted family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: 32fbf5eaa7c521ba863db82d2a7668fffd9382da54f52493d9a9758efe2b6c59
Size: 465KB
MD5: 4be32c330e2b9dddd993bbed60a10e9a
SHA1: db57b19fd57a4891b90cdf220fa7bd672f99cb19
SHA256: 32fbf5eaa7c521ba863db82d2a7668fffd9382da54f52493d9a9758efe2b6c59
SHA512: f2c55dc65be2a9881604736c12f0d114710d78c3536b1ff846cc76a95090d45ecf796a5b9d24dcb21f60ea49baec3885828eb031bc794bfc08523b66f58c2dc1
SSDEEP: 12288:7GqiTSvnwGsXAavfzV5n2B6BINWoxupmLmm7b:7tiICAm7fn2B9goUYLH
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.