General
Target: cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3.zip
Size: 51KB
Sample: 230328-m3mgjacc4y
MD5: c30e32dd465b59f5e95c3d252bd0345c
SHA1: 5590876c65742aeb6b57e33fdac65b9ea93b56c4
SHA256: db55efdc926d710427c6e2118a20ce213e27f21604acbf336df276730b27df23
SHA512: 37b821667ef5b260b8a62099845d4e476c86e93a10e914656e84168900fae8b094a260c2abf3a9c1d8eca36bf71fc83064c49467348c6c0de4a285a3b17bd5ab
SSDEEP: 1536:NNtocHpP9nJmKx9tD/QtCBFJGKIeyok1eIjlU:ftT37DQUvwhe/gxU
Behavioral task: behavioral1
Sample: cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: reiv
C2: 193.233.20.33:4125
auth_value: 5e0113277ad2cf97a9b7e175007f1c55
Targets
Target: cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3
Size: 175KB
MD5: 6fe9a1c0e84784f160d1b2c9b66ed7e9
SHA1: 0b15c141c2114d857622e690bda62f7a41d638aa
SHA256: cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3
SHA512: d33ff882894ce1ffe7c7593958e6692e62d4729785c82a44374b27b22241a2f281faa50d5a3859b964619fde0b31ea49f1a0070818b68762723623790325763d
SSDEEP: 3072:6xqZWjfa8oty3BfeT59lhavxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+ca2:oqZCBalh
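The hashes of the archive and of the extracted sample, together with the RedLine configuration above, are the indicators a responder carries out of this report. The Python below is an added example and is not part of the sandbox report or its export format: it copies those values in, checks them (digest length and hex content, the zip being named after the inner sample's SHA256, a routable C2 with a sane port) and returns a normalised IOC set. The dict layout and the function names are this example's own.

```python
"""Cross-check the indicators from the sandbox report above and normalise them.

The hash and C2 values are copied from the report; the ARCHIVE / SAMPLE /
CONFIG dict layout and the function names are this example's own, not the
sandbox's export format.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Expected hex length of each digest, used to catch truncated or mis-copied hashes.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")

# Values copied from the report (the submitted zip and the PE inside it).
ARCHIVE = {
    "name": "cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3.zip",
    "md5": "c30e32dd465b59f5e95c3d252bd0345c",
    "sha1": "5590876c65742aeb6b57e33fdac65b9ea93b56c4",
    "sha256": "db55efdc926d710427c6e2118a20ce213e27f21604acbf336df276730b27df23",
    "sha512": "37b821667ef5b260b8a62099845d4e476c86e93a10e914656e84168900fae8b0"
              "94a260c2abf3a9c1d8eca36bf71fc83064c49467348c6c0de4a285a3b17bd5ab",
}
SAMPLE = {
    "name": "cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3",
    "md5": "6fe9a1c0e84784f160d1b2c9b66ed7e9",
    "sha1": "0b15c141c2114d857622e690bda62f7a41d638aa",
    "sha256": "cb506997bebec10c3cf6b50d9069c78bc4789e8a8c6e276b0a7f156b6c7fc8c3",
    "sha512": "d33ff882894ce1ffe7c7593958e6692e62d4729785c82a44374b27b22241a2f2"
              "81faa50d5a3859b964619fde0b31ea49f1a0070818b68762723623790325763d",
}
CONFIG = {
    "family": "redline",
    "botnet": "reiv",
    "c2": "193.233.20.33:4125",
    "auth_value": "5e0113277ad2cf97a9b7e175007f1c55",
}


def validate_hashes(entry: Dict[str, str]) -> List[str]:
    """Return one problem string per digest that has the wrong length or non-hex characters."""
    problems = []
    for algo, length in HASH_LENGTHS.items():
        value = entry.get(algo, "").lower()
        if len(value) != length or not HEX_RE.match(value):
            problems.append(f"{entry.get('name', '?')}: bad {algo} value {value!r}")
    return problems


def parse_c2(c2: str) -> Optional[Tuple[str, int]]:
    """Split 'host:port' into (host, port).

    Returns None for an out-of-range port or for a private/loopback/reserved
    address, which would be a sandbox artefact rather than something to block.
    A host that is not an IP literal is passed through as a hostname.
    """
    host, sep, port = c2.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host, int(port)
    if addr.is_private or addr.is_loopback or addr.is_reserved or addr.is_multicast:
        return None
    return str(addr), int(port)


def build_iocs(archive: Dict[str, str], sample: Dict[str, str],
               config: Dict[str, str]) -> Dict[str, object]:
    """Cross-check the report values and return normalised indicators plus any problems."""
    problems = validate_hashes(archive) + validate_hashes(sample)
    # The submitted zip is named after the inner PE's SHA256; confirm that so a
    # renamed or re-packed archive does not get tagged with the wrong hash.
    stem = archive["name"].rsplit(".", 1)[0].lower()
    if stem != sample["sha256"].lower():
        problems.append("archive name does not match the extracted sample's SHA256")
    c2 = parse_c2(config["c2"])
    if c2 is None:
        problems.append(f"unusable C2 value {config['c2']!r}")
    return {
        "family": config["family"],
        "botnet": config["botnet"],
        "c2": c2,
        "file_hashes": {algo: sample[algo] for algo in HASH_LENGTHS},
        "archive_hashes": {algo: archive[algo] for algo in HASH_LENGTHS},
        "problems": problems,
    }


if __name__ == "__main__":
    result = build_iocs(ARCHIVE, SAMPLE, CONFIG)
    for problem in result["problems"]:
        print("WARN", problem)
    print("family/botnet:", result["family"], result["botnet"])
    print("C2:", result["c2"])
```

Only the inner sample's hashes are worth sharing as file indicators; the zip's digests identify this one submission, not the payload, which is why the two sets are kept apart in the result.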
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node and HKCU counterparts) to enumerate the software installed on the system.