General
Target: 541727afaf2cbd0f87631209f8acf35f0bc11c8f7f0c499326c3dd04e70cb453
Size: 175KB
Sample: 230123-exn46sbf74
MD5: 4f487f33068c6ec1b32383018fd2b41f
SHA1: 77ff3991fd4cf005c1346bc682a636894cfa41c7
SHA256: 541727afaf2cbd0f87631209f8acf35f0bc11c8f7f0c499326c3dd04e70cb453
SHA512: 4d7e71c710aeba42097d777369eed754f6da3a58d51f50e6a45908d387efc657be9593f1c95c79afd455c065457533cc4b928b91bb9f6c48d5ee5a2341e9300b
SSDEEP: 3072:HxqZWRxamUaY3smgHhU1exHFphizxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOx:RqZFsFKoph
Behavioral task: behavioral1
Sample: 541727afaf2cbd0f87631209f8acf35f0bc11c8f7f0c499326c3dd04e70cb453.exe
Resource: win7-20220812-en
Malware Config (extracted)
Family: redline
Botnet: installs
C2: 194.226.121.225:12286
auth_value: 10c13a3b351febb59871b098a09396b8
Targets
Target: 541727afaf2cbd0f87631209f8acf35f0bc11c8f7f0c499326c3dd04e70cb453
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting.
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.