General
Target: 99d52a78f89b007e3c0f91390ec6f48ca16e0f8e1fa3e.exe
Size: 306KB
Sample: 230123-lbcmkscf84
MD5: 7a02cac061509ebec49b26f72dc7ec3c
SHA1: ba8f67519eb7e0d1a19234868318d06408007c91
SHA256: 99d52a78f89b007e3c0f91390ec6f48ca16e0f8e1fa3e9ef61a98539e6511fdf
SHA512: 739ec4da0828770e944a40fd2e22bb27c1f6858d8e68d169375e60129008a7cc038aa0634697022b4a9154c72efad8ba2e6c8c98e1b2def94c033a6927adb246
SSDEEP: 6144:QmwQL3wM0KaUSQAgccOF1x0pQVHzKJHg8yDQfPn:VFsM0KL1chF1OW5zSHgDgn
Static task: static1
Behavioral task: behavioral1
Sample: 99d52a78f89b007e3c0f91390ec6f48ca16e0f8e1fa3e.exe
Resource: win7-20220812-en
Malware Config
Extracted family: redline
Botnet: test1
C2: 142.202.242.197:35704
auth_value: c885160a503c10a4d67fd1c2cf98f250
Targets
Target: 99d52a78f89b007e3c0f91390ec6f48ca16e0f8e1fa3e.exe (size and hashes as listed under General)
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.