General

Target: file.exe
Size: 355KB
Sample: 230323-dcqltsfa7x
MD5: c841f3ba54ae59f29d9e1726e2ea4224
SHA1: 151b055e592b2c5ab607d33b3a1b4cf1bfcc5134
SHA256: 6e9f3672d9c38849c09db4e94e1702b04649ad2197cffbcf4ff6994df7a33259
SHA512: ff6d1c7de020ea5079f098c2f98fd930df67e99ce60d5cb19cc45a80bff3293c9b1686f0f1ecb0baf4d97242eb22a72c6b21cd309986039ebad38e01c52482e9
SSDEEP: 6144:+/D+ApNi6b4+CbrhP6urMU9mPnVqE8rVhRwtIEqUJZWf:+L+ApNiCzCbR6urP9mvILVm0cZWf
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20230220-en

Malware Config

Extracted: redline
dozk
91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets

Target: file.exe
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.