General
-
Target
ae81d0c154590286c5f9828ee564c51c.exe
-
Size
409KB
-
Sample
230202-sef8haab45
-
MD5
ae81d0c154590286c5f9828ee564c51c
-
SHA1
d3197dd3dd26d73a64919da120b1195a770e0983
-
SHA256
3974a362e78341a13e78747c30cf901c007fb0bd3beca1f8162389d9ac486a21
-
SHA512
ea29e52833bc873ece56a5d36d79255c05803845fa4d1d2dee0704c3875cb7a8f87344ded9228714418b168384fd7506d1c3017b1570155b85b8230bf507eea7
-
SSDEEP
6144:knLD2AeGKz5p0ouoH4aoEywGgMqyPdzyCJOTe1e9/CJTk637eQfnd5u8dWB5:an85moQaoEywdMqsBhOTj9CJb7d5Hd4
Static task
static1
Behavioral task
behavioral1
Sample
ae81d0c154590286c5f9828ee564c51c.exe
Resource
win7-20220901-en
Malware Config
Extracted
redline
milaf
193.233.20.5:4136
-
auth_value
68aaee25afe3d0ae7d4db09dea02347c
Targets
-
-
Target
ae81d0c154590286c5f9828ee564c51c.exe
-
Size
409KB
-
MD5
ae81d0c154590286c5f9828ee564c51c
-
SHA1
d3197dd3dd26d73a64919da120b1195a770e0983
-
SHA256
3974a362e78341a13e78747c30cf901c007fb0bd3beca1f8162389d9ac486a21
-
SHA512
ea29e52833bc873ece56a5d36d79255c05803845fa4d1d2dee0704c3875cb7a8f87344ded9228714418b168384fd7506d1c3017b1570155b85b8230bf507eea7
-
SSDEEP
6144:knLD2AeGKz5p0ouoH4aoEywGgMqyPdzyCJOTe1e9/CJTk637eQfnd5u8dWB5:an85moQaoEywdMqsBhOTj9CJb7d5Hd4
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-