General
-
Target
b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559.zip
-
Size
51KB
-
Sample
230328-lpwmlsab99
-
MD5
e1008f122f9a3a79c4538de19fd68ae4
-
SHA1
74f48c0285dc2ea988eabd54e01c7400c75c696c
-
SHA256
6388c748c1d4c86ac8c04f3adddd2eff31f3c17df4316d705cbd2b110eee6ddd
-
SHA512
a659d7b4948948c7b828d7d4577a15c193039b56c2c902b72b8e6e2bc69428eba2989cb6c8d1214a39fb11ff5a1c1a934d17be75e9359a2b123e9c16de9326d1
-
SSDEEP
1536:/fZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBE:L+MHQFHvtKLvhuBE
Behavioral task
behavioral1
Sample
b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559
-
Size
175KB
-
MD5
2236dcb32de67abd49e20c06dd1342b7
-
SHA1
db5a1d8f34cb4c08472c316ff5c2128388481f2c
-
SHA256
b769f97d42446ebcc4bac66aab1e6b00bd39e33fcd53ec0bdc068e5977bec559
-
SHA512
8b0c420f3968057e4a2d1e8159743ae55e6c0fdc0a392b037f71c1cd115889614d400a01e1c8d20c8fb381f386f7485dde5c98fc75996f320fd9d017711a16ca
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-