General
-
Target
qu0544.exe
-
Size
386KB
-
Sample
230327-bpjmyach4z
-
MD5
d5b133cc6cf87712531a8bcbddbc2623
-
SHA1
62c442d4ff62589a02ffd610ba9b48f93932b467
-
SHA256
f37cdda29b2284eefe2b8f18d501315623d16598037facde6b46e65d12e02c23
-
SHA512
040b7ce08685f509d988b067a7669ddb5933e493580157bf4f9ecdbb82a103ecd0e988710c3757f2b4805f33948b52fccf135f414c82a2faa77975fa4e95ccc4
-
SSDEEP
12288:RBGU4+32Li0B0c43xCnMTKbwxo0lf+IXO:R337s4hmM+8xH
Static task
static1
Behavioral task
behavioral1
Sample
qu0544.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
boris
193.233.20.32:4125
-
auth_value
766b5bdf6dbefcf7ca223351952fc38f
Targets
-
-
Target
qu0544.exe
-
Size
386KB
-
MD5
d5b133cc6cf87712531a8bcbddbc2623
-
SHA1
62c442d4ff62589a02ffd610ba9b48f93932b467
-
SHA256
f37cdda29b2284eefe2b8f18d501315623d16598037facde6b46e65d12e02c23
-
SHA512
040b7ce08685f509d988b067a7669ddb5933e493580157bf4f9ecdbb82a103ecd0e988710c3757f2b4805f33948b52fccf135f414c82a2faa77975fa4e95ccc4
-
SSDEEP
12288:RBGU4+32Li0B0c43xCnMTKbwxo0lf+IXO:R337s4hmM+8xH
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-