General
- Target: 37b1a38d404ca22f8b3a57590130fc6e.exe
- Size: 416KB
- Sample: 230202-lvgqmsfg22
- MD5: 37b1a38d404ca22f8b3a57590130fc6e
- SHA1: c70e883300b09226a8f986342743efcef93ea4ca
- SHA256: 1d480df533e3b8393bddaecd85b153fe55072329cc5d52f78f7d99af8dcc5769
- SHA512: 1d2b121e4a201fdf3f39a1c919e557681342eb108ffc318aa93f7326addb609500bc7afbf91743bdc8f51573124b110b4542c19ddd0713e2c77b4721c5c0f34f
- SSDEEP: 6144:LoLkZz/90T7xgAW1kVidOYFM+ab+xjVJKc7Sx5KfxI9/CJTk637eQfnd5XI8bB:ES/ccJFM+ab+xjVwcY5KfxI9CJb7d5
Static task: static1
Behavioral task: behavioral1
- Sample: 37b1a38d404ca22f8b3a57590130fc6e.exe
- Resource: win7-20221111-en
Malware Config
Extracted
- redline
- milaf
- 193.233.20.5:4136
- auth_value: 68aaee25afe3d0ae7d4db09dea02347c
Targets
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.