General
Target: 787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
Size: 278KB
Sample: 230131-fevdxagc8w
MD5: 509c42fec4a9b6e905c6aaa7fb97719a
SHA1: f3eaaa7205d1511d68315ff4629b37dd9549b355
SHA256: 787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
SHA512: 4f017334607e372a3d844f55fed59463371c60ecf7b978a2a65fe955ddfdabb73052611522483d30fd678d30cb7eff3644cca1f76e4a7044c0948175f3a9bdb8
SSDEEP: 6144:JLQo0LZYr0rFwSXbrvhE1bXmw4Xo6RdwBDQ9xd:JUoUyr07X3vh2bWhLDl
Static task: static1
Behavioral task: behavioral1
Sample: 787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6.exe
Resource: win7-20220901-en
Malware Config
Extracted
redline
fredy
62.204.41.170:4132
auth_value: 880249eef9593d49a1a3cddf57c5cb35
Targets
Target: 787891de8712fed8bb186dc7903b5b6a9453a513a8908358eda10fd81200aac6
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.