General
-
Target
ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a.zip
-
Size
51KB
-
Sample
230328-lp32paac32
-
MD5
4daf018c39b3dd18a4af856027cfd730
-
SHA1
b95c8af61e05b5b9c8e270cd6df61a53789d1018
-
SHA256
21119edc55fa4f24bef56804401dd24e480b6c634e7fa5f0f157316098a5439c
-
SHA512
cb8dab63eb2a9b615dac4d0569084ef2ba07ed9275edde76c0acb702f4f1f8f29e0ecaa39d2be39d20816852d084d357571a189301bbcca5a4a705bdfef60d0b
-
SSDEEP
1536:IfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBo:k+MHQFHvtKLvhuBo
Behavioral task
behavioral1
Sample
ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a
-
Size
175KB
-
MD5
f18535e8b789069ba38b6b2adfd046db
-
SHA1
ba36b25ee622854342a26fa2140a2f870f325f23
-
SHA256
ba1dd82b94a37e0b03169898322c3db6a2b098dfa19429d81f4bda4f953d847a
-
SHA512
5bb5d84e8d77413f3c9f375590bd8627a78a4ce8a34794b51b6b882cdfa6fc2cb615bbe9acbbc998c52f001bb6330e41c343e45ce6d496b3c2e94e877598faee
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-