General
Target: MicrosoftRuntimeComponentsX86.exe
Size: 1.7MB
Sample: 230116-yjn2sscd89
MD5: ca476dff32e2b9a3d100aa67e793e3fe
SHA1: e14a1624fce6b8aafe758f53af93cc3ca5b405d9
SHA256: 56733c9f52b57912adfdac911962088e80e720c97aa41a1872f44034115ad7a0
SHA512: ca43d93622f338054e6dce00b18cc10e6ed81a29a96010af46b78529cdd429b658f07b5463733105c9625aff1e3656258f089dae37b8d29b99574250c0b6115f
SSDEEP: 49152:g7ogYAGU7ULrbt16UCFWg+z17bDfxGdZsaKD:7HdGPm
Static task: static1
Behavioral task: behavioral1
Sample: MicrosoftRuntimeComponentsX86.exe
Resource: win7-20220901-en
Malware Config
Extracted
Family: redline
3
C2: 95.217.102.105:1695
auth_value: 7e0bcb35814c2bd07d2c8514ccd792fc
Targets
Target: MicrosoftRuntimeComponentsX86.exe (1.7MB; hashes identical to those listed under General above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.