General
Target: af8a117901459a1edda308d94386ee69bb5ea82db6d27dddf364226616ba3084
Size: 461KB
Sample: 230105-eeq6taag93
MD5: b6e5de1ecd4871b0663e7a67b02390a9
SHA1: 34a55ea0a41ca568481b5701757234bcdb6732e1
SHA256: af8a117901459a1edda308d94386ee69bb5ea82db6d27dddf364226616ba3084
SHA512: 097027efedb720c4bf06e8eacf83740fa68427c8860e14e542b730a42d0bbfec2f3ce132296287b2fe49a24b36507471c70de78eb24677afe634c2e3445b641d
SSDEEP: 6144:KYLHneqZlMpnSoyIjiq4kOMOGh0wwA/OjoxupmLDIjT:KYjeq3M4IjiRoOGhrt/OjoxupmL
Static task: static1
Behavioral task: behavioral1
Sample: af8a117901459a1edda308d94386ee69bb5ea82db6d27dddf364226616ba3084.exe
Resource: win7-20221111-en
Malware Config
Extracted: redline
sport
31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets
Target: af8a117901459a1edda308d94386ee69bb5ea82db6d27dddf364226616ba3084
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.