General
- Target: 1f6c10027fac3c9ddf65f8671d92a8a8.exe
- Size: 222KB
- Sample: 230323-3bzksacg9v
- MD5: 1f6c10027fac3c9ddf65f8671d92a8a8
- SHA1: 3edbfb47160f79999e2a60368489a0aa622de6bf
- SHA256: bc4e6fa560775c5cd628fda9b39df43db02310ad5b6ed8703fe8ac1d19884b94
- SHA512: 75df1b88d08a190bb8dcc99752ae860e74a3cfad9f375de96a9e1da278f3843b544cd36025efd2719b64b0ee9488db1415044edc956ad787ac1ec10f559f2001
- SSDEEP: 3072:XTuOYj+zi0ZbYe1g0ujyzd98xc4wK9axJJx80st2hRcLuPR1/WUz4:X6OYqG0LahyD+FE7s8p1Oh
Behavioral task: behavioral1
- Sample: 1f6c10027fac3c9ddf65f8671d92a8a8.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- redline
- Mo2aXYZ
- 172.174.202.77:2341
Targets
- Target: 1f6c10027fac3c9ddf65f8671d92a8a8.exe
- Size: 222KB
- MD5: 1f6c10027fac3c9ddf65f8671d92a8a8
- SHA1: 3edbfb47160f79999e2a60368489a0aa622de6bf
- SHA256: bc4e6fa560775c5cd628fda9b39df43db02310ad5b6ed8703fe8ac1d19884b94
- SHA512: 75df1b88d08a190bb8dcc99752ae860e74a3cfad9f375de96a9e1da278f3843b544cd36025efd2719b64b0ee9488db1415044edc956ad787ac1ec10f559f2001
- SSDEEP: 3072:XTuOYj+zi0ZbYe1g0ujyzd98xc4wK9axJJx80st2hRcLuPR1/WUz4:X6OYqG0LahyD+FE7s8p1Oh
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.