General
Target: bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e.zip (submitted archive; the hashes in this section are for the archive, not the executable inside it)
Size: 51KB
Sample: 230328-mwcnracc2t
MD5: 8704d64857822edaeb47b6d497a59ba7
SHA1: 14576511adddf964ef62a8022991c327aa65810a
SHA256: 474f18446ef4c6ca90ed51bc7d9b68433feda378bc387e941c4b01c3934129dd
SHA512: 6fbabb82a23c5c0d040e4a65a30ecdcf0a2a64be61fd8021a535fd4689ea85a84543439a90b4a7f455c21684328cf3e182e58aac3527283ff229b6b28a362bb8
SSDEEP: 1536:WSLZmNPwTzSuZTrDjOdp3mD2aKtKLodYKjB:WSLEsWuBjOdp3V9t+wTjB
Behavioral task
behavioral1
Sample: bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e.exe
Resource: win7-20230220-en
Malware Config
Extracted family: redline
Botnet: 飞机 (Chinese for "airplane")
C2: 45.195.52.34:26175
auth_value: a481f80a40db6a8b76b305325a28cb10
Targets
Target: bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e (the executable extracted from the submitted archive)
Size: 175KB
MD5: 5ea64633da931c5d8a732e441d64d0ca
SHA1: 21c7ec54c1be8f946bdc83c4010cd8d0bd0db48d
SHA256: bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e
SHA512: 149b16d093c716ecd8b737748d8a82a6332c7335b0963256faf49ccdbe7e9a3f961c9391ce9311da10685dfe888b9c5e08584e11f622ac5f9329e24465a6ef5c
SSDEEP: 3072:BxqZWJBaKULo3tVCwsde/fFUhG/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuz:zqZItVC3OUh
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU copy) to enumerate the software installed on the system.
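The Uninstall-key enumeration above is visible in registry-access telemetry, and the following detection heuristic is an added example (not code from this sandbox report and not RedLine's own logic). It runs over constructed, simplified event lines (timestamp, pid, image, operation, key path); the file paths, the benign-image allowlist and the thresholds are assumptions, and real Sysmon event ID 12/13 or Windows 4663 records would need their own parser.

```python
"""Flag processes that enumerate the Windows Uninstall registry key.

Added example for the "Checks installed software" behaviour; not code from
the sandbox report or from RedLine. It runs over constructed, simplified
registry-access events (timestamp, pid, image, operation, key path); real
Sysmon 12/13 or Windows 4663 records need their own parser, and the paths,
allowlist and thresholds below are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Roots under which installed-software entries live (native, WOW64, per-user).
UNINSTALL_ROOTS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)
BENIGN_IMAGES = {"msiexec.exe", "svchost.exe"}  # assumed allowlist; tune it
MIN_SUBKEYS = 5                 # distinct product subkeys before we alert
WINDOW = timedelta(seconds=30)  # ...touched within this span (assumed)

EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) "
    r"op=(?P<op>\w+) key=(?P<key>.+)$"
)

# Constructed telemetry. Paths are assumptions; the image name is the sample's.
MALWARE = r"C:\Users\victim\AppData\Local\Temp\bc4c31144cf221bde95958dbd2d58ce36a446394de7ff0ec0a7a93c44ec76c2e.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"
EXPLORER = r"C:\Windows\explorer.exe"
HKLM_UN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
WOW_UN = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
HKCU_UN = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    f"2023-03-28T10:01:02Z pid=4120 image={MALWARE} op=OpenKey key={HKLM_UN}",
    f"2023-03-28T10:01:03Z pid=4120 image={MALWARE} op=QueryValue key={HKLM_UN}\\Google Chrome\\DisplayName",
    f"2023-03-28T10:01:03Z pid=4120 image={MALWARE} op=QueryValue key={HKLM_UN}\\7-Zip\\DisplayName",
    f"2023-03-28T10:01:04Z pid=4120 image={MALWARE} op=QueryValue key={HKLM_UN}\\{{AC76BA86-7AD7-1033-7B44-AC0F074E4100}}\\DisplayName",
    f"2023-03-28T10:01:04Z pid=4120 image={MALWARE} op=QueryValue key={WOW_UN}\\Notepad++\\DisplayName",
    f"2023-03-28T10:01:05Z pid=4120 image={MALWARE} op=QueryValue key={WOW_UN}\\Mozilla Firefox 110.0 (x64 en-US)\\DisplayName",
    f"2023-03-28T10:01:05Z pid=4120 image={MALWARE} op=QueryValue key={HKCU_UN}\\Discord\\DisplayName",
    f"2023-03-28T10:01:06Z pid=4120 image={MALWARE} op=QueryValue key=HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
    # msiexec legitimately walks six entries: above threshold, but allowlisted
    *[f"2023-03-28T10:02:{i:02d}Z pid=2200 image={MSIEXEC} op=EnumerateKey key={HKLM_UN}\\Product{i}" for i in range(6)],
    f"2023-03-28T10:03:00Z pid=1500 image={EXPLORER} op=QueryValue key={HKLM_UN}\\Google Chrome\\DisplayIcon",
    f"2023-03-28T10:03:01Z pid=1500 image={EXPLORER} op=QueryValue key={HKLM_UN}\\7-Zip\\DisplayIcon",
    "this line is not an event and must be skipped",
]


def parse_event(line):
    """Parse one telemetry line; return None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
    ev["pid"] = int(ev["pid"])
    return ev


def uninstall_subkey(key):
    """Return the product subkey (lower-cased) if key sits under an Uninstall root."""
    k = key.lower()
    for root in UNINSTALL_ROOTS:
        if k.startswith(root + "\\"):
            return k[len(root) + 1:].split("\\", 1)[0]
    return None


def find_enumerators(lines):
    """Map (pid, image) -> most distinct Uninstall subkeys touched within WINDOW,
    for non-allowlisted processes that reach MIN_SUBKEYS."""
    touched = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        sub = uninstall_subkey(ev["key"])
        if sub is None or ev["image"].rsplit("\\", 1)[-1].lower() in BENIGN_IMAGES:
            continue
        touched[(ev["pid"], ev["image"])].append((ev["ts"], sub))
    hits = {}
    for proc, seen in touched.items():
        seen.sort()
        best = 0
        for i, (t0, _) in enumerate(seen):  # sliding window over time-ordered events
            best = max(best, len({s for t, s in seen[i:] if t - t0 <= WINDOW}))
        if best >= MIN_SUBKEYS:
            hits[proc] = best
    return hits


if __name__ == "__main__":
    for (pid, image), n in find_enumerators(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({image}) enumerated {n} Uninstall entries")
```

On the constructed input only the sample's process is reported (six distinct product entries within a few seconds); msiexec exceeds the threshold but is allowlisted, and explorer.exe stays below it. The sliding window matters because a stealer reads these entries in one burst, while a legitimate process may touch the same keys slowly over a long session.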