General
-
Target
b9e0eeb1f64ba3d9cbe4b681c746e949aa86c91631ad63487c76512c76fa2d92.zip
-
Size
51KB
-
Sample
230328-lp4cfsca2s
-
MD5
192fbb854ae81d69a91f27046a828408
-
SHA1
fabfe226e517c89d2abb1bf58e438adf60f2e9a0
-
SHA256
b8be1c5a8028ff82edbebc92492689aed4a8d9371987d72e1eaf9d1bc638c881
-
SHA512
4f6a7e6997257e954171e0496a32ebb4a7c550110cdefa675dc5b81c52a8c0bc13e19b852fc53da427b74528b095785663341de8e6f770547ccd71a27daa4c04
-
SSDEEP
1536:LfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuB9:v+MHQFHvtKLvhuB9
Behavioral task
behavioral1
Sample
b9e0eeb1f64ba3d9cbe4b681c746e949aa86c91631ad63487c76512c76fa2d92.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
b9e0eeb1f64ba3d9cbe4b681c746e949aa86c91631ad63487c76512c76fa2d92
-
Size
175KB
-
MD5
c05af841705f84342d1476e98eb35b39
-
SHA1
3d76efe118b879b8458e4327fbbddebc7c70b581
-
SHA256
b9e0eeb1f64ba3d9cbe4b681c746e949aa86c91631ad63487c76512c76fa2d92
-
SHA512
3645a79a89202e0c3a084f221f75197a89861fd47722b7cfb0998d52b8b0113dd3921f2cb46ff1f677cf664b221558e2baabb14630780ad3242e1ef22f09af1b
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-