General
-
Target
18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71.zip
-
Size
51KB
-
Sample
230328-m97faaaf42
-
MD5
dc1faee13b4c855531403d1db67953f1
-
SHA1
8e9b0b5904c773bfddeb24ec83a9c1d7cc9aed94
-
SHA256
fb06e98648bae830fea25956f014839ca82611521a58d79ccc54ff5403a7df75
-
SHA512
17e39f1895c5fcd00caa518908cd419f5a073c2801b68e95000bfb56d4ed53490e29718a1aa355c027856394d1cb842bdbf28e0f87d384424a87dc1a3702ba5e
-
SSDEEP
1536:HOuTeTnE72ASTtQX6MZPDjAWi6t3qQVPwRyeMJRDf:HJyTnE7HSiX6MZPDjAQZqQVPwRyZJ5f
Behavioral task
behavioral1
Sample
18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
fort
193.233.20.33:4125
-
auth_value
5ea5673154a804d8c80f565f7276f720
Targets
-
-
Target
18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71
-
Size
175KB
-
MD5
aa7167ada927ebbde1ce31f267c49221
-
SHA1
9299fd3277965396a96a569aade89e6f4cfbdd15
-
SHA256
18c56770bca7299e1f3f9a1feca49816cbbc354c6870a0ea7e2330bafa383e71
-
SHA512
139a35258e93f52434f4c3bb201037d86432688a4b778c726ddaa8a7180c0c22010eda1aaa4f9f5124bda4c0a6438a2a957c3717818ba069e2b485983b97849b
-
SSDEEP
3072:ExqZWjfa8oty3NhMkRq4MeV59kh4rxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jQ:aqZCNhM8h9kh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-