General
Target: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771
Size: 290KB
Sample: 230131-sy44nsgh64
MD5: d83659f91dffdb8c00827e39140cdba8
SHA1: 8080aa9ee16ddc77935aec755483b86a190f2fe0
SHA256: 002362e2c5074636bc0890e620f67c353a6d822276dc74a4136c061a18a3ab63
SHA512: bcac8520a111c83242c44c85c4e17da741f1d3d72a7c202d88bccc8d35f4933824f9b75d387b761e2a04187128b9898cc163a4523d4219beac20cec1870d35c7
SSDEEP: 6144:81jJ8hmp5fIHvu49OYmNqVIhUoI9V22R7RveYdxNvl4:+JdMPP9JWbhUoeV22hR1Ly
Static task: static1
Behavioral task: behavioral1
Sample: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771.exe
Resource: win7-20221111-en
Malware Config
Extracted
Family: redline
Botnet: fredy
C2: 62.204.41.170:4132
auth_value: 880249eef9593d49a1a3cddf57c5cb35
Targets
Target: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771
Size: 394KB
MD5: 85f3db6c910eca1089675f12eafae528
SHA1: c3f409f688e8c9924aae7b82e866d303bec3e54e
SHA256: 1be8bdf5ca218b04927da47b456be4f720e87df3561db5754246779edfb92771
SHA512: 850d2902bacb2c321cd518f963d395dcb8b5af88f1599f22d5431a0849a82d6b7f009066824aba70703ab7c5bf1b86d01f4fcc8169c53994ff321a46f0a51ac2
SSDEEP: 6144:P3OzLmZik1p5fIHhuO9OYmNaVIhUWI9Vp3F7f4VQY+vlr:PqiIWMBr9JWrhUWeVfzOQt
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.