General

Target: a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1.zip
Size: 51KB
Sample: 230328-nn2hkscd4s
MD5: d3e2a9be0e7572e9b3109a83b80af298
SHA1: a2db4a332ef66c3d3e826acdb48fb4050354a24c
SHA256: 2820bacc2708214560f5a387d22cc5637a7c9cea052eccc44f61a75dda04c52e
SHA512: 7a4cde4e7123646fe4c3108c4b4c11bd58e50c037fd75e211fa16a46ddffdec374a5d56f28d788c31c5aae377f68fb620d22ae6e341028912558fdf220b43fc8
SSDEEP: 768:ctG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNo:cM/o+yUU/ez7sNxCyLkeAxDNo
Behavioral task

behavioral1
Sample: a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1.exe
Resource: win7-20230220-en

Malware Config

Extracted
Family: redline
Botnet: dent
C2: 193.233.20.33:4125
auth_value: e795368557f02e28e8aef6bcb279a3b0
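The extracted config above is the most actionable part of the report: the C2 host:port is a network indicator and the auth_value is a per-build token that RedLine sends to its panel. The following is an added example (not part of the sandbox report or of any vendor tooling) that parses the config exactly as it is rendered here, sanity-checks the C2, and emits indicators plus a YARA rule. The flat layout assumed by the parser (family, botnet id, C2 host:port, then attribute name/value lines) is an assumption about this report's rendering, not a RedLine file format; the rule name and indicator type labels are likewise my own.

```python
"""Turn the RedLine config extracted above into hunt-ready indicators.

Added example, not part of the sandbox report. The config text below is copied
from the report's 'Extracted' block; the parsing layout (family, botnet id,
C2 host:port, then attribute name/value pairs) is an assumption about this
report's flat rendering, not a RedLine on-disk format.
"""
import ipaddress
import re

# Copied from the report's Extracted block (the bare "-" separator lines are ignored).
EXTRACTED_CONFIG = """\
redline
dent
193.233.20.33:4125
auth_value
e795368557f02e28e8aef6bcb279a3b0
"""

HOSTPORT_RE = re.compile(r"^(?P<host>[^:\s]+):(?P<port>\d{1,5})$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_redline_config(text):
    """Parse the report's flat layout into a dict; raise on anything unexpected."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip() and ln.strip() != "-"]
    if len(lines) < 3:
        raise ValueError("config block too short")
    family, botnet, c2 = lines[:3]
    m = HOSTPORT_RE.match(c2)
    if not m:
        raise ValueError(f"unexpected C2 format: {c2!r}")
    port = int(m.group("port"))
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    # Remaining lines alternate attribute name / attribute value.
    attrs = dict(zip(lines[3::2], lines[4::2]))
    return {"family": family, "botnet": botnet,
            "c2_host": m.group("host"), "c2_port": port, "attributes": attrs}


def classify_c2(host):
    """Say whether the C2 is a routable IP, a non-routable IP, or a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "domain"
    if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved:
        return "non-routable"   # likely a sandbox artefact or mis-extraction; do not block on it
    return "public-ip"


def to_indicators(cfg):
    """Flatten the config into (type, value) pairs for a blocklist or hunt query."""
    kind = classify_c2(cfg["c2_host"])
    out = [("ip" if kind == "public-ip" else kind, cfg["c2_host"]),
           ("port", str(cfg["c2_port"]))]
    auth = cfg["attributes"].get("auth_value", "")
    if HEX32_RE.match(auth):
        out.append(("redline-auth_value", auth))
    return out


def yara_rule(cfg):
    """Build a YARA rule for the C2 string and auth_value (ascii and UTF-16, since RedLine is .NET)."""
    auth = cfg["attributes"].get("auth_value", "")
    name = f"redline_{cfg['botnet']}_{auth[:8] or 'noauth'}"   # hypothetical naming scheme
    c2 = f"{cfg['c2_host']}:{cfg['c2_port']}"
    lines = [f"rule {name}", "{", "    strings:",
             f'        $c2 = "{c2}" ascii wide']
    if auth:
        lines.append(f'        $auth = "{auth}" ascii wide')
    lines += ["    condition:", "        uint16(0) == 0x5A4D and any of them", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    cfg = parse_redline_config(EXTRACTED_CONFIG)
    for kind, value in to_indicators(cfg):
        print(f"{kind}: {value}")
    print(yara_rule(cfg))
```

The network indicator is the reliable one here. RedLine builds typically keep the C2 and auth_value obfuscated (XOR plus base64) inside the assembly, so a plain-string YARA rule like the one generated above is meant for the decrypted configuration or a memory dump of the running process, not necessarily for the packed 175KB file on disk.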
Targets

Target: a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1
Size: 175KB
MD5: 1a8274baafeb91b34d9934cdeaddab7d
SHA1: de2e4bd75afe0fc6080cce86844d3a9edc5ca0bf
SHA256: a22b5011e7e19aa0ae7d943d68b7dd218a5ad0645c8d698c5c8faaf599e4a2c1
SHA512: acfd387f9138a78a685f2f5ae75476d471ebe3fb8ba662cc67ad158058925153c0b2d0e3794508e2489271de88f2ba00c88330837ccefaf0852ac2b9c6c60c7d
SSDEEP: 3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
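The "Checks installed software" signature fires on a registry access pattern: the process opens the Uninstall key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion (and its WOW6432Node and HKCU equivalents), enumerates its subkeys, and reads values such as DisplayName from each. The following is an added example, not part of the sandbox report, showing how to express that as a detection over Procmon-style registry events. The event lines, process names (sample.exe, explorer.exe, msiexec.exe), PIDs and subkey names are all constructed for the example; the threshold and the allow-list are my own choices and would need tuning against real inventory agents in your environment.

```python
"""Flag processes that sweep the registry Uninstall keys (installed-software enumeration).

Added example, not part of the sandbox report. Input is a constructed,
Procmon-style CSV: pid,image,operation,path,result.
"""
import re
from collections import defaultdict

# Constructed sample events. sample.exe behaves like the signature describes
# (enumerate the Uninstall key, then read values from each subkey); explorer.exe
# touches a single subkey; msiexec.exe enumerates legitimately.
SAMPLE_EVENTS = r"""
4100,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
4100,sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
4100,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555},SUCCESS
4100,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}\DisplayName,SUCCESS
4100,sample.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome,SUCCESS
4100,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName,SUCCESS
4100,sample.exe,RegOpenKey,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip,SUCCESS
4100,sample.exe,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayVersion,SUCCESS
1234,explorer.exe,RegOpenKey,HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome,SUCCESS
5000,msiexec.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
5000,msiexec.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAAAAAA-0000-0000-0000-000000000001},SUCCESS
5000,msiexec.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAAAAAA-0000-0000-0000-000000000002},SUCCESS
5000,msiexec.exe,RegOpenKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAAAAAA-0000-0000-0000-000000000003},SUCCESS
"""

# Matches the Uninstall key in HKLM/HKCU/HKU, with or without WOW6432Node, and
# captures the first subkey name (the per-product entry) when one is present.
UNINSTALL_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\SOFTWARE\\(?:WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION"
    r"\\UNINSTALL(?:\\(?P<sub>[^\\]+))?(?:\\|$)",
    re.IGNORECASE,
)


def parse_events(text):
    """Parse pid,image,operation,path,result lines (paths contain no commas here)."""
    events = []
    for line in text.strip().splitlines():
        pid, image, op, path, result = line.split(",", 4)
        events.append({"pid": int(pid), "image": image, "op": op,
                       "path": path, "result": result})
    return events


def detect_uninstall_enumeration(events, min_subkeys=3, allowlist=("msiexec.exe",)):
    """Return (pid, image, distinct_subkeys) for processes that enumerate the
    Uninstall key and then touch at least min_subkeys product entries.

    Requiring both the parent enumeration and a spread of subkeys separates an
    inventory sweep from a program that merely looks up its own uninstall entry.
    """
    state = defaultdict(lambda: {"image": "", "enum_parent": False, "subkeys": set()})
    for ev in events:
        m = UNINSTALL_RE.match(ev["path"])
        if not m or ev["result"] != "SUCCESS":
            continue
        st = state[ev["pid"]]
        st["image"] = ev["image"]
        sub = m.group("sub")
        if sub is None and ev["op"] in ("RegEnumKey", "RegQueryKey"):
            st["enum_parent"] = True
        elif sub is not None:
            st["subkeys"].add(sub.lower())
    hits = []
    for pid, st in state.items():
        if st["image"].lower() in allowlist:   # known inventory/installer processes
            continue
        if st["enum_parent"] and len(st["subkeys"]) >= min_subkeys:
            hits.append((pid, st["image"], len(st["subkeys"])))
    return sorted(hits)


if __name__ == "__main__":
    for pid, image, n in detect_uninstall_enumeration(parse_events(SAMPLE_EVENTS)):
        print(f"pid {pid} ({image}) enumerated {n} Uninstall entries")
```

The allow-list is deliberately short; software-inventory agents, patch-management clients and installers all walk this key legitimately, so in production the process image alone is a weak discriminator and the hit is best used as one term in a wider score alongside the wallet-file access and the outbound connection to the C2 listed above.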