General
Target: tmp
Size: 175KB
Sample: 230118-lek35aea58
MD5: 217a9bc8298a3349d4f0848a6dbe4624
SHA1: 3780b3fb1ad7cff8b6d2be61e73768b106364e61
SHA256: 815a468a5c1583dc0acfb30ab3be2401c3d8cf0bbbc5bb1dd5f7a30a321acc1d
SHA512: 32c66ada7eac2df93b7ed41699bc97ef2ab7faae5219d205f36aedf202c666f1bc88db8594f30a593da6ec6d187966f48e7e3689dcedda78aa1931caa6896296
SSDEEP: 3072:axqZWBJaHEDgXFevxljHeigFPhETxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOh:IqZVFevnYPh
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20221111-en
Malware Config
Extracted:
redline
vertu
62.204.41.159:4062
auth_value: fcf83997f362e2cd45c3f3c30912dd41
Targets
Target: tmp
Size: 175KB
MD5: 217a9bc8298a3349d4f0848a6dbe4624
SHA1: 3780b3fb1ad7cff8b6d2be61e73768b106364e61
SHA256: 815a468a5c1583dc0acfb30ab3be2401c3d8cf0bbbc5bb1dd5f7a30a321acc1d
SHA512: 32c66ada7eac2df93b7ed41699bc97ef2ab7faae5219d205f36aedf202c666f1bc88db8594f30a593da6ec6d187966f48e7e3689dcedda78aa1931caa6896296
SSDEEP: 3072:axqZWBJaHEDgXFevxljHeigFPhETxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOh:IqZVFevnYPh

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.