General
Target: 79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
Size: 332KB
Sample: 230105-17d8lshb2v
MD5: 767cf221dc37c88c729ce8bcae9e4fc6
SHA1: 5b23c9225b189fcd74f7deb5b10cd5dccb4577f2
SHA256: 79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac
SHA512: d28d674acddeec960131e6daca3758d3194f87c87a75567fce1c239c35f2e2967c1f8231df56f5d64c879d39d0e7fae9e96e23c293f94bb85c8c9122af5fa39b
SSDEEP: 6144:N66Lp2T3/qPECaIjc1Rja1CVNxMv8GbPdHZhjEHUIeg:s6V2T3/qPEjIjqRO1Kav8GbFHZ5EHU
Static task: static1
Behavioral task: behavioral1
Sample: 79c18fc6fa4812aac1ffecc8fff68791c25b23a4ec4ecf9d8635e72ad20555ac.exe
Resource: win7-20221111-en
Malware Config
Extracted: redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.