General
Target: 9be4c94d3e2ce6f9589f7833b5405730.exe
Size: 416KB
Sample: 230202-l43pgahf7w
MD5: 9be4c94d3e2ce6f9589f7833b5405730
SHA1: b6be760d8d59c2393a71cace68d3a578ec79f080
SHA256: 250f05183329680ee72afa9443073a442e5428c9c14efaa4e3c6185d75727211
SHA512: 93e60fe0205103c3c49764a7a3ae84c4142ae11a1ff4231accea6b6af1df31dbb233049b06a66cfcd79d25c1c5a0cffb56646859b27a35b72a9255742f5b4650
SSDEEP: 6144:8SLFgCB9o0nCxBnH3naucBYl1JvRuALsNL/aV9/CJTk637eQfnd5MdB:XhBaxNatYlPvRdYNLyV9CJb7d5
Static task: static1
Behavioral task: behavioral1
Sample: 9be4c94d3e2ce6f9589f7833b5405730.exe
Resource: win7-20221111-en
Malware Config
Extracted
redline
milaf
193.233.20.5:4136
auth_value: 68aaee25afe3d0ae7d4db09dea02347c
Targets
Target: 9be4c94d3e2ce6f9589f7833b5405730.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.