General
-
Target
6dd4e42700f658e6f9fb5cd371334328.exe
-
Size
335KB
-
Sample
230201-smb9hscb9s
-
MD5
6dd4e42700f658e6f9fb5cd371334328
-
SHA1
5a6d03f176ff86dae69f36e91d46b2a974202087
-
SHA256
768eba7cebce8cef3a57585b6b718bbcb4ce6b3a63453a81731fa1285ce39e8f
-
SHA512
6a11562249af7b0e0f6e2c9ccb060234a6d04a283ad00c00569e75e4bf1db8c2d102e25aec3ca910b927318ff2154beebab5cc377f3e103181fa25fbe14c1693
-
SSDEEP
6144:PmKE6ALVh4c0+a1Sqvs/INnK4DM35jWpG+CwQgW:PmlfJh4ua1Sqvs/INnI6I+vd
Static task
static1
Behavioral task
behavioral1
Sample
6dd4e42700f658e6f9fb5cd371334328.exe
Resource
win7-20220812-en
Malware Config
Extracted
Family
redline
Botnet
fredy
C2
62.204.41.170:4132
-
auth_value
880249eef9593d49a1a3cddf57c5cb35
Targets
-
Target
6dd4e42700f658e6f9fb5cd371334328.exe
-
Size
335KB
-
MD5
6dd4e42700f658e6f9fb5cd371334328
-
SHA1
5a6d03f176ff86dae69f36e91d46b2a974202087
-
SHA256
768eba7cebce8cef3a57585b6b718bbcb4ce6b3a63453a81731fa1285ce39e8f
-
SHA512
6a11562249af7b0e0f6e2c9ccb060234a6d04a283ad00c00569e75e4bf1db8c2d102e25aec3ca910b927318ff2154beebab5cc377f3e103181fa25fbe14c1693
-
SSDEEP
6144:PmKE6ALVh4c0+a1Sqvs/INnK4DM35jWpG+CwQgW:PmlfJh4ua1Sqvs/INnI6I+vd
-
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Queries the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate the software installed on the system.
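As an added example, not part of the sandbox report or of any RedLine tooling, the Python below turns the report's indicators into two concrete checks: it verifies a file against the listed hashes, and it runs a simple detection pass over event lines, flagging a connection to the extracted C2 and a process that walks many Uninstall subkeys (the behaviour behind the "Checks installed software" signature). The hashes and C2 address come from the report above; the Sysmon-style network lines (Event ID 3), the Windows Security registry-access lines (Event ID 4663), their key=value form and the enumeration threshold are constructed for the demo and are assumptions.

```python
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "6dd4e42700f658e6f9fb5cd371334328",
    "sha1": "5a6d03f176ff86dae69f36e91d46b2a974202087",
    "sha256": "768eba7cebce8cef3a57585b6b718bbcb4ce6b3a63453a81731fa1285ce39e8f",
    "sha512": "6a11562249af7b0e0f6e2c9ccb060234a6d04a283ad00c00569e75e4bf1db8c2"
              "d102e25aec3ca910b927318ff2154beebab5cc377f3e103181fa25fbe14c1693",
}
C2_HOST, C2_PORT = "62.204.41.170", 4132

# Assumption for the demo: an installer touches one Uninstall entry, an
# enumerator touches many. Three distinct subkeys from one process is flagged.
ENUMERATION_THRESHOLD = 3

UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value or key="value with spaces"


def hashes_of(data: bytes) -> dict:
    """Hex digests of `data` in the same algorithms the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees; one mismatch means a different file."""
    return hashes_of(data) == REPORT_HASHES


def parse_event(line: str) -> dict:
    """Split a constructed key=value event line into a dict."""
    return {key: (quoted or bare) for key, quoted, bare in KV_RE.findall(line)}


def find_hits(lines):
    """Return (rule, image) pairs for C2 traffic and Uninstall-key enumeration."""
    hits = []
    uninstall_keys = defaultdict(set)  # image -> distinct Uninstall subkeys touched
    for line in lines:
        ev = parse_event(line)
        image = ev.get("Image") or ev.get("ProcessName", "?")
        # Sysmon Event ID 3: outbound connection to the extracted C2 host:port.
        if ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == str(C2_PORT):
            hits.append(("redline_c2", image))
        # Security 4663 / Sysmon registry events: collect Uninstall subkeys per process.
        target = ev.get("TargetObject") or ev.get("ObjectName") or ""
        m = UNINSTALL_RE.search(target)
        if m:
            uninstall_keys[image].add(m.group(1).lower())
    for image, keys in uninstall_keys.items():
        if len(keys) >= ENUMERATION_THRESHOLD:
            hits.append(("installed_software_enumeration", image))
    return hits


# Constructed event lines (not real telemetry). The sample path is hypothetical.
SAMPLE_PATH = r"C:\Users\victim\AppData\Local\Temp\6dd4e42700f658e6f9fb5cd371334328.exe"
UNINSTALL = r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
EVENTS = [
    r'EventID=3 Image="' + SAMPLE_PATH + '" DestinationIp=62.204.41.170 DestinationPort=4132',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=142.250.74.78 DestinationPort=443',
    r'EventID=4663 ProcessName="' + SAMPLE_PATH + '" ObjectName="' + UNINSTALL + r'\7-Zip"',
    r'EventID=4663 ProcessName="' + SAMPLE_PATH + '" ObjectName="' + UNINSTALL + r'\Google Chrome"',
    r'EventID=4663 ProcessName="' + SAMPLE_PATH + '" ObjectName="' + UNINSTALL + r'\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"',
    # A legitimate installer reading its own single entry must not be flagged.
    r'EventID=4663 ProcessName="C:\Windows\System32\msiexec.exe" ObjectName="' + UNINSTALL + r'\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"',
]

if __name__ == "__main__":
    for rule, image in find_hits(EVENTS):
        print(f"{rule}: {image}")
```

Run as-is it reports the C2 connection and the enumeration from the sample path only; firefox.exe and msiexec.exe stay quiet. To check a file on disk, pass its bytes to `matches_report`. The threshold is the part to tune against your own inventory and update tooling, which also walks the Uninstall key.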
-