General
Target: 94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a.zip
Size: 51KB
Sample: 230328-nwfwvaag45
MD5: ac82f78fed8a3b10deed051627066ef5
SHA1: ecc9046ca1e433f2e0b6f1d066a9cffab0d7bf98
SHA256: b6cbe2496ceb2427f7da54eccd995f8e525a2eefbe221144f5e48b8c49a657bb
SHA512: 901cc4744071cadf0e6f07af8055179c38b2bb2d8629302070d1691b302cf3d35770758492f179a0dda839dd3af7a28f978201689848b060ad4856f856c899e2
SSDEEP: 1536:Woz9vO1IxntdowoGmP3hWCK3qqJc4ETloO8K:WoBO1IxQf7KdJgiK
Behavioral task
behavioral1
Sample: 94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: mola
C2: 193.233.20.32:4125
auth_value: 05a04aa0a7694423bb0210907b41d794
Targets
Target: 94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a
Size: 175KB
MD5: 3af783ba9c8a40bd853d6b47c8cb041d
SHA1: 99ce81ce80a31da2c8c99d93c370175ba938c7d1
SHA256: 94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a
SHA512: dcb1661743ee3b3971ed8c62aae479dd78a7e4775b60260d5f72f36761dedc9db87ee4f507e330c3fc94ff8be405ca7fa3e5315acdfe4ddcc7af8eb4b0952e22
SSDEEP: 3072:jxqZWXragQx+/YbyRx4dXeh59kho/xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0ji:1qZWYby7KEkh
Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its WOW6432Node view on 64-bit hosts) to enumerate the software installed on the system. On its own this behaviour is weak evidence, since installers and inventory agents read the same key; the C2 endpoint and file hashes above are the hard indicators.
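The indicators in this report (the C2 endpoint from the extracted config, the two file hashes, and the Uninstall-key enumeration) can be turned into a small triage check. The following is an added example written for this page, not sandbox output and not RedLine code: the telemetry line format (space-separated key=value pairs) and the sample lines are constructed, and the operation names exec/connect/RegOpenKey/RegEnumKey/RegQueryValue are assumed placeholders to be mapped onto whatever EDR or sandbox API-trace schema you actually have.

```python
"""Score telemetry lines against the IOCs and behaviours in the report above.

Added example for this page; the line format and op names are assumptions.
"""
import re
from collections import Counter

# Network IOC from the extracted RedLine config (C2 host:port).
C2_HOST = "193.233.20.32"
C2_PORT = "4125"

# File IOCs from the report: the zip container and the extracted executable.
KNOWN_SHA256 = {
    "b6cbe2496ceb2427f7da54eccd995f8e525a2eefbe221144f5e48b8c49a657bb": "zip container",
    "94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a": "extracted exe",
}

# Uninstall key in both the native and the WOW6432Node view; matches the key
# itself or any subkey beneath it (each subkey is one installed product).
UNINSTALL_KEY = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Assumed telemetry format: key=value pairs, values optionally double-quoted.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one key=value telemetry line into a dict (assumed format)."""
    fields = {}
    for m in _KV.finditer(line):
        fields[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return fields


def classify(event):
    """Return the indicator name an event matches, or None if it matches nothing."""
    op = event.get("op", "")
    if op == "connect":
        if event.get("dst") == C2_HOST and event.get("port") == C2_PORT:
            return "c2_connect"
    elif op in ("RegOpenKey", "RegEnumKey", "RegQueryValue"):
        if UNINSTALL_KEY.match(event.get("key", "")):
            return "uninstall_key_enum"
    elif op == "exec":
        if event.get("sha256", "").lower() in KNOWN_SHA256:
            return "known_sample_hash"
    return None


def triage(lines):
    """Count indicator hits over an iterable of telemetry lines."""
    hits = Counter()
    for line in lines:
        tag = classify(parse_line(line))
        if tag:
            hits[tag] += 1
    return hits


def verdict(hits):
    """Hard IOCs (known hash or C2 connection) decide; the registry behaviour
    alone is only suspicious, because legitimate software reads the same key."""
    if hits["c2_connect"] or hits["known_sample_hash"]:
        return "malicious"
    if hits["uninstall_key_enum"]:
        return "suspicious"
    return "clean"


# Constructed sample telemetry for one process; not captured from the sandbox run.
SAMPLE_LINES = [
    r'op=exec pid=1234 image="C:\Users\victim\Desktop\sample.exe" sha256=94e160f87e2d7139e47bf265109a411888811c25a205af8a14c8d9cd6819c01a',
    r'op=RegOpenKey pid=1234 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'op=RegEnumKey pid=1234 key="HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'op=RegQueryValue pid=1234 key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{SomeGUID}" value=DisplayName',
    r'op=RegOpenKey pid=1234 key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run"',
    r'op=connect pid=1234 dst=193.233.20.32 port=4125 proto=tcp',
    r'op=connect pid=1234 dst=8.8.8.8 port=53 proto=udp',
]

if __name__ == "__main__":
    hits = triage(SAMPLE_LINES)
    print(dict(hits), verdict(hits))
```

The C2 match is exact on host and port because that is what the extracted config gives; if you feed real traffic, also consider the host alone, since RedLine operators rotate ports more often than addresses. The hash check only fires on the two files this report documents, so it is a pure "seen this sample" check and says nothing about repacked variants; the SSDEEP values above are the better starting point for those.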