General
Target: 0x000800000001230f-1061.dat
Size: 175KB
Sample: 230328-kwhhwsaa39
MD5: 8898a9e87600a29c96e6bb71889af25b
SHA1: 4b9c607287be6921cdfd716129c0285cc52be5a0
SHA256: ed00e91258465096f48ad58e70a49cecb633a7bf313d8d0b5c8bb9ca81568c0a
SHA512: 5795b7ea9d6ee97b8818335a5917341d6a2684022704be32be90af2f32b559a9a6ca0dc0466790f3894ec980b373bd5ff7cb84682145d6ca4f2c18b8133ddbe2
SSDEEP: 3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh
Behavioral task: behavioral1
Sample: 0x000800000001230f-1061.exe
Resource: win7-20230220-en
Malware Config
Extracted: redline
renta
176.113.115.145:4125
auth_value: 359596fd5b36e9925ade4d9a1846bafb
Targets
Target: 0x000800000001230f-1061.dat
Size: 175KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.