General
- Target: b4cd73da2d48452218f1cd31ca321562.bin
- Size: 3.1MB
- Sample: 230123-sp3jgsfd9s
- MD5: e78b7b38cdeead4e39ebcdf94ac2ab65
- SHA1: ef27c2cfd769dc255b3e4b3b076098a69331a597
- SHA256: 2aba6d1b002af0a38021b1c20be73ee161eac0729d4d6dd641feb7c65d5fb637
- SHA512: 7cd70ad43b8d9cbe131c23f2472b7e340a1aa176ca60679cf8829f8bac61abc26b45ba73e2edfc4c9e164e1d5c6e76bcbd9f3fb0d1265b339cf5d2d36b97c744
- SSDEEP: 98304:c1l1We4Kg3s3y4MthCjXfZpaHPBWsPzJ7wKS8li:cv1z9ys5k4jXfnaHP7zSKL0
Behavioral task
behavioral1
- Sample: 2c5734f4d9cc0fc20f1a9e5c1fa0133f0894f73a24813be20b6a25da6d90842a.exe
- Resource: win7-20220901-en
Malware Config
Extracted
redline
Medi2
167.235.156.206:6218
- auth_value: 415e49528666a4468e12b696ddda231f
Targets
- Target: 2c5734f4d9cc0fc20f1a9e5c1fa0133f0894f73a24813be20b6a25da6d90842a.exe
- Size: 3.4MB
- MD5: b4cd73da2d48452218f1cd31ca321562
- SHA1: 3e16b20e5bb5f3ac668acc4c977852d47a905ecd
- SHA256: 2c5734f4d9cc0fc20f1a9e5c1fa0133f0894f73a24813be20b6a25da6d90842a
- SHA512: 9bc0eae6d5a46efddcdca3aeffc961936150f6925146db99fe7df7e01db5ef6aa05e367306bcbe190f6fc6234df843c5f95b76877e087b824308539ed8f5cad1
- SSDEEP: 98304:VGOn1dnJwKCgu/SiYltdYM1Q5/dCSnKtk8H:UOn1dnY6iOrk/tKtk4
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.