General
Target: 06be538d980890259f83cc616d397bf4.bin
Size: 242KB
Sample: 230325-bc2mzscd8s
MD5: f872d7f7bebc4ed40869167d956688d4
SHA1: 6fce8bb393bd6c435b44f60f5b7ffc8e15eff876
SHA256: 9c4d7bdf3e33ee7c1687b875100a5a8e83e2d17687ca5346db7d79ef3a17915b
SHA512: c9e39a2a8646bf9c40bfc41b6894d963bae09714648b651179b766b2a95c9cbd6eda7826beedf8cdc1aa83086cc13edbf016a6c75421591889c3588c89cca8db
SSDEEP: 6144:yflVqQ1uiME/LduUqx+UZhZP2+YWDr+ux:Mvq4uiMQClZnPzr+a
Static task: static1
Behavioral task: behavioral1
Sample: ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
Botnet: dozk
C2: 91.215.85.15:25916
auth_value: 9f1dc4ff242fb8b53742acae0ef96143
Targets
Target: ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7.exe
Size: 311KB
MD5: 06be538d980890259f83cc616d397bf4
SHA1: 083875c97333f278823d3c938d743347c2243357
SHA256: ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7
SHA512: 2086e009666a0eac8392c5c5433e7ededb3193d42bb2fa70e50d7318e32db23966453deadca3bf29ef6afb02bfc94019d2576abba30c10647a90e3de0ae0b25c
SSDEEP: 3072:v/niGY8XLzFt23TNvXTu56ytWbr1ipANfZQl0q9Uvzfb8eXUjL0B0TtNbVG5ZrkK:328XLptAR/TYmBiWJ3OUjuLbQZ4u6SP

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software installed on the system.