General
-
Target
2c29a46c787d902eb8dc996bff9dd5f55d28c9a069f4cf418c39a7aa3760a0ce.zip
-
Size
51KB
-
Sample
230328-nkxefscd2t
-
MD5
aaeb0f811c62cbf8e56d50051917b723
-
SHA1
510e2fe984e916b9e0d67205cc39e105786c4a8f
-
SHA256
9bf8a47a4bc8b332ec8bb2e20a7d96b80b26544a65f7d7719e726bff90b60d9b
-
SHA512
e1844e1109a5e1a15ae69d5bc49f19c63756e5c415440b8477a377ae2dfe8968f719a9473287b27f4819695aa6913808798cfbbb9334d328e49ade1a709771c9
-
SSDEEP
768:/tG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNR:/M/o+yUU/ez7sNxCyLkeAxDNR
Behavioral task
behavioral1
Sample
2c29a46c787d902eb8dc996bff9dd5f55d28c9a069f4cf418c39a7aa3760a0ce.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
dent
193.233.20.33:4125
-
auth_value
e795368557f02e28e8aef6bcb279a3b0
Targets
-
-
Target
2c29a46c787d902eb8dc996bff9dd5f55d28c9a069f4cf418c39a7aa3760a0ce
-
Size
175KB
-
MD5
aaf761941601ac896df6bd5cf602f70f
-
SHA1
b9763ba75f75d75d338d1e72b8a8eab1e18bf06d
-
SHA256
2c29a46c787d902eb8dc996bff9dd5f55d28c9a069f4cf418c39a7aa3760a0ce
-
SHA512
5552ff3370d9413779432d94f3125900f55e868f2695893d5a1fe418733a1d0e311d39f8dc3070e8fa72fab54305bb7f21da53e92b1e5389d5c07d14bed5bced
-
SSDEEP
3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-