General

Target: 060f5a5cf627cc4ffd72ee3f5c46a1b455e84af6e27306775bdf92ace8f37abe
Size: 332KB
Sample: 230106-enzvbahg5t
MD5: 89d86fef8ffea961eebd6c9bd827850f
SHA1: d00bacc5c73d987d45d9ff43ce77e099d65a7cfa
SHA256: 060f5a5cf627cc4ffd72ee3f5c46a1b455e84af6e27306775bdf92ace8f37abe
SHA512: 84e1e35756a4b96c6b7393c3a7d3120afebcdfc372956487fee01a5b0264401e89a79ae089dd9685fa04c792a557580e0194f75857bea80cb8698d99da92b7e0
SSDEEP: 6144:r55LF+R/McDsu0EoDJgS587MSD4UzCi8dyUd4nOJaii2TXJs:l5p+R/McDwlFgS2Hh2DMipq
Static task: static1
Behavioral task: behavioral1
Sample: 060f5a5cf627cc4ffd72ee3f5c46a1b455e84af6e27306775bdf92ace8f37abe.exe
Resource (analysis VM image): win7-20221111-en
Malware Config

Extracted family: redline
Botnet: sport
C2: 31.41.244.98:4063
auth_value: 82cce55eeb56b322651e98032c09d225
Targets

Target: 060f5a5cf627cc4ffd72ee3f5c46a1b455e84af6e27306775bdf92ace8f37abe
Size: 332KB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the General section above.
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and the WOW6432Node equivalent on 64-bit systems) to enumerate the software installed on the host. On its own this behaviour is common in legitimate installers and inventory agents; it matters here in combination with the RedLine payload and the extracted C2 configuration.
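As an added example (not part of the sandbox report and not RedLine's own code), the following Python correlates the indicators this report exposes, the sample SHA256 from General and the C2 endpoint from Malware Config, with the Uninstall-key enumeration signature, over endpoint telemetry. The events are constructed in a simplified Sysmon-like shape chosen for the example (not Sysmon's real schema); the PIDs, image paths, placeholder hashes and the enumeration threshold are assumptions. A process that matches the sample hash or connects to the C2 is rated high; a process that only walks the Uninstall key is rated low, because that alone is noisy.

```python
"""Correlate endpoint telemetry against the RedLine indicators in this report.

Added example; not part of the sandbox report and not RedLine's own code.
The telemetry below is constructed in a simplified, Sysmon-like JSON shape
(fields chosen for this example, not Sysmon's real schema); the process
images, PIDs and non-report hashes are placeholders. The SHA256 and C2
endpoint come from the General and Malware Config sections of the report.
"""
from collections import defaultdict

# Indicators taken from the report.
SAMPLE_SHA256 = "060f5a5cf627cc4ffd72ee3f5c46a1b455e84af6e27306775bdf92ace8f37abe"
C2_ENDPOINTS = {("31.41.244.98", 4063)}

# Registry roots that installers and inventory tools also read; RedLine walks
# the subkeys to list installed software (the "Checks installed software" signature).
UNINSTALL_ROOTS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)
# Distinct Uninstall subkeys one process must touch before we call it
# enumeration. Assumed threshold; tune against your own baseline.
ENUM_THRESHOLD = 5


def uninstall_subkey(key):
    """Return the Uninstall subkey name if `key` lies under an Uninstall root, else None."""
    upper = key.upper()
    for root in UNINSTALL_ROOTS:
        prefix = root.upper() + "\\"
        if upper.startswith(prefix):
            return key[len(prefix):].split("\\")[0] or None
    return None


def analyze(events, threshold=ENUM_THRESHOLD):
    """Group events by PID and return {pid: alert} for processes matching the report.

    Severity is "high" when a strong indicator (sample hash or C2 endpoint) is
    present and "low" when only the noisy Uninstall-key enumeration fired.
    """
    procs = defaultdict(lambda: {"image": None, "sha256": "", "subkeys": set(), "conns": set()})
    for ev in events:
        p = procs[ev["pid"]]
        if ev["type"] == "process_create":
            p["image"] = ev["image"]
            p["sha256"] = ev.get("sha256", "").lower()
        elif ev["type"] == "registry_read":
            sub = uninstall_subkey(ev["key"])
            if sub:
                p["subkeys"].add(sub)
        elif ev["type"] == "network_connect":
            p["conns"].add((ev["dst_ip"], int(ev["dst_port"])))

    alerts = {}
    for pid, p in procs.items():
        reasons = []
        if p["sha256"] == SAMPLE_SHA256:
            reasons.append("image hash matches the RedLine sample")
        if p["conns"] & C2_ENDPOINTS:
            reasons.append("outbound connection to the extracted RedLine C2")
        if len(p["subkeys"]) >= threshold:
            reasons.append(f"enumerated {len(p['subkeys'])} Uninstall entries")
        if reasons:
            strong = p["sha256"] == SAMPLE_SHA256 or bool(p["conns"] & C2_ENDPOINTS)
            alerts[pid] = {"image": p["image"],
                           "severity": "high" if strong else "low",
                           "reasons": reasons}
    return alerts


def _uninstall_reads(pid, names):
    """Constructed registry_read events for `names` under the 32-bit Uninstall root."""
    return [{"type": "registry_read", "pid": pid, "key": UNINSTALL_ROOTS[0] + "\\" + n}
            for n in names]


# Constructed telemetry (not captured from a real host).
SAMPLE_EVENTS = [
    # The sample itself: known hash, walks Uninstall, then beacons to the C2.
    {"type": "process_create", "pid": 4120,
     "image": r"C:\Users\bob\AppData\Local\Temp\update.exe", "sha256": SAMPLE_SHA256},
    *_uninstall_reads(4120, ["{A1B2}", "{C3D4}", "7-Zip", "Google Chrome",
                             "Mozilla Firefox", "Notepad++"]),
    {"type": "network_connect", "pid": 4120, "dst_ip": "31.41.244.98", "dst_port": 4063},
    # Benign shell: a couple of Uninstall reads and ordinary HTTPS traffic.
    {"type": "process_create", "pid": 1880, "image": r"C:\Windows\explorer.exe", "sha256": "11" * 32},
    *_uninstall_reads(1880, ["7-Zip", "Google Chrome"]),
    {"type": "network_connect", "pid": 1880, "dst_ip": "203.0.113.10", "dst_port": 443},
    # Installer: heavy Uninstall enumeration but no other indicator, so low severity.
    {"type": "process_create", "pid": 2200, "image": r"C:\Windows\System32\msiexec.exe", "sha256": "22" * 32},
    *_uninstall_reads(2200, [f"App{i}" for i in range(8)]),
]

if __name__ == "__main__":
    for pid, a in analyze(SAMPLE_EVENTS).items():
        print(f"pid {pid} [{a['severity']}] {a['image']}: " + "; ".join(a["reasons"]))
```

The severity split is the point: the Uninstall-key signature is only a weak signal, so the hash and the C2 endpoint from the extracted config are what should drive escalation, and the enumeration threshold should be baselined against the installers and inventory agents present in the environment.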