General
-
Target
6cf2655af693736508e2dae8b2f337c4.exe
-
Size
416KB
-
Sample
230202-jl1q2sfe45
-
MD5
6cf2655af693736508e2dae8b2f337c4
-
SHA1
1d9dba4f6d6a90e65051b3cd8fab265293097254
-
SHA256
3baf17a23a490f68f9a92415e0bdcd81162f3fec71775de9442817edfdff8a2e
-
SHA512
b42eb0d9047dfc805e5ae9808aa553868dd96e996f993f484aa1376255683eb6119d8cb5291c2256a568520537e9ea9c1a59a7b23a481c7e8f9e7a30ce1dc551
-
SSDEEP
6144:z+Ld6kR9TAN1h/dRX254GnKttJD9dVdrrJCR5ewj9/CJTk637eQfnd5oB:aBR5Azh/TNttRdCRFj9CJb7d5
Static task
static1
Behavioral task
behavioral1
Sample
6cf2655af693736508e2dae8b2f337c4.exe
Resource
win7-20220812-en
Malware Config
Extracted
Family
redline
Botnet
milaf
C2
193.233.20.5:4136
-
auth_value
68aaee25afe3d0ae7d4db09dea02347c
Targets
-
Target
6cf2655af693736508e2dae8b2f337c4.exe
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency wallet files and directories, indicating possible credential harvesting.
-
Checks installed software on the system
Opens subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the 32-bit WOW6432Node view) to enumerate the software installed on the system; RedLine includes this list in the host profile it reports to its C2.
-
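The Uninstall-key enumeration flagged above is also visible in endpoint telemetry (Sysmon registry events, ETW, EDR registry audit logs). The script below is an added example, not part of the sandbox report or the RedLine code: it runs the corresponding detection over constructed registry-access events (the pids, image paths and product subkeys are made up for the demo) and reports any non-allowlisted process that touches at least a threshold number of distinct product subkeys under the Uninstall keys. The allowlist of installer and shell processes is an assumption to tune per environment.

```python
"""Detect Uninstall-key enumeration in registry access events.

Added example for this report (not sandbox or malware code). It counts the
distinct product subkeys each process reads under the Uninstall keys, which
is the behaviour the sandbox signature describes.
"""
import re
from collections import defaultdict

# Both the native view and the 32-bit WOW6432Node view hold one subkey per
# installed product; the capture group is that product subkey name.
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)",
    re.IGNORECASE,
)

# Assumption: processes expected to read these keys in normal operation.
DEFAULT_ALLOWLIST = frozenset({"msiexec.exe", "explorer.exe", "wmiprvse.exe"})

UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
UNINSTALL32 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_IMAGE = r"C:\Users\user\Desktop\6cf2655af693736508e2dae8b2f337c4.exe"

# Constructed events (pid, image, registry key opened/read); not report data.
SAMPLE_EVENTS = [
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\{26A24AE4-039D-4CA4-87B4-2F83217001FF}"),
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\{26A24AE4-039D-4CA4-87B4-2F83217001FF}\DisplayName"),
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\Google Chrome"),
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\7-Zip"),
    (2532, SAMPLE_IMAGE, UNINSTALL32 + r"\Mozilla Firefox 102.0 (x86 en-US)"),
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\Notepad++"),
    (2532, SAMPLE_IMAGE, UNINSTALL + r"\VLC media player"),
    (2532, SAMPLE_IMAGE, r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    (1100, r"C:\Windows\System32\msiexec.exe", UNINSTALL + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"),
    (1100, r"C:\Windows\System32\msiexec.exe", UNINSTALL + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\InstallLocation"),
    (4120, r"C:\Windows\explorer.exe", UNINSTALL + r"\7-Zip"),
    (3008, r"C:\Windows\System32\svchost.exe", UNINSTALL + r"\Google Chrome"),
]


def uninstall_subkey(key):
    """Return the product subkey name if `key` lies under an Uninstall key, else None."""
    m = UNINSTALL_RE.search(key)
    return m.group(1) if m else None


def find_enumerators(events, threshold=5, allowlist=DEFAULT_ALLOWLIST):
    """Map (pid, image) -> sorted distinct Uninstall product subkeys for
    processes that reached `threshold`.

    Counting distinct product subkeys rather than raw event volume keeps the
    check robust to a process reading several values under one product.
    """
    per_process = defaultdict(set)
    for pid, image, key in events:
        if image.rsplit("\\", 1)[-1].lower() in allowlist:
            continue
        subkey = uninstall_subkey(key)
        if subkey is not None:
            per_process[(pid, image)].add(subkey.lower())
    return {
        proc: sorted(subkeys)
        for proc, subkeys in per_process.items()
        if len(subkeys) >= threshold
    }


if __name__ == "__main__":
    for (pid, image), subkeys in find_enumerators(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image} enumerated {len(subkeys)} products: {subkeys}")
```

On the constructed events only the sample process is reported: it reads six distinct product subkeys across both registry views, while msiexec.exe is allowlisted and svchost.exe stays under the threshold. A single legitimate lookup of one product is common, so the distinct-subkey threshold is what separates fingerprinting from ordinary use.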