General
Target: 40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0
Size: 329KB
Sample: 230104-yxafkahe83
MD5: b2bd4cfb6ff4e8ace9e47234fcd7e3a8
SHA1: e2ff90aa7e466c606a4086bb6750387fc3f9a1d2
SHA256: b52cc028ff91e8d87d63c5b9a4e8c2fea167aa286534d2dec6a2a2acdeadc535
SHA512: 72fb04a6a39ce7a39b15adaf93a4ef02af3d2d4bbb005c768aa0ca4a4a9dc5fe954aa0ab56b9c8b03b192db2669c09a7cab8a76b3fba11ad78e183567389ba20
SSDEEP: 6144:rNPhdoAerMA4yVZvkM3i+Qpt/1VpciytHhx26pHyMd:rl8b4y/3i+QRcfhVHd

Static task: static1
Behavioral task: behavioral1
Sample: 40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0.exe
Resource: win7-20221111-en

Malware Config
Extracted family: redline
Botnet: sport
C2 (IP:port): 31.41.244.98:4063
Attributes: auth_value = 82cce55eeb56b322651e98032c09d225

Targets
Target: 40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0
Size: 466KB
MD5: d369f50384ef0c7d3b5e310a39e1e649
SHA1: 84863544a34985e6439d69efcdd5da6b9e556e13
SHA256: 40b8a2703596e229aee33662ff2bb0f64acddd6e9273c06fb95b28159c75edd0
SHA512: 3ebf7d7dfd403a329bd13787573248da2babe317a637eb794877ba3c6aa8f36c7ea90240d2f09c32ccf233ea795f2bdedd1a8a7b8b6259694f798b6d4be4a02b
SSDEEP: 6144:YV1LqFtsZXHXXedA42VZ/k23i+Q2B4aJoxupmLKdXjT:Y/u/sZ3Xb4ur3i+Qy/JoxupmLK

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.