General
-
Target
0812f6856b35c54ebb1a484c867d4ae03d021e542beae5c43abf3fa455cdf04e.zip
-
Size
51KB
-
Sample
230328-nzrshsag68
-
MD5
2b45c7b3a7a61b6f6a9ed762142f828e
-
SHA1
10d523a59d7c44e169cf0602242e727a7ec571d8
-
SHA256
0faf4c1907373149d0799580f52aab5345de79ec03b7e19f54262bef3fe1cf04
-
SHA512
2a1e9cf43b48c6fbf10e07b2460da0dc4f1c705abfd861c3c122b599647d2b40e3d0ef072dea57a70b0a2ece1e81e1950efe8414b954a8c6aae09421adf5a545
-
SSDEEP
1536:mzqji9WNuVHbtJMvGvdrLg8i9jzrY/27hORda:mzZ6udbtJMGN3i9Pl4Rda
Behavioral task
behavioral1
Sample
0812f6856b35c54ebb1a484c867d4ae03d021e542beae5c43abf3fa455cdf04e.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
luza
176.113.115.145:4125
-
auth_value
1261701914d508e02e8b4f25d38bc7f9
Targets
-
-
Target
0812f6856b35c54ebb1a484c867d4ae03d021e542beae5c43abf3fa455cdf04e
-
Size
175KB
-
MD5
26fc8bee8121bfa7bf8970b635f90335
-
SHA1
e8038b5a2880f3223e41ceef0d78c47f82433b13
-
SHA256
0812f6856b35c54ebb1a484c867d4ae03d021e542beae5c43abf3fa455cdf04e
-
SHA512
1c6f323edbbde97371435b770db4638862488a8f8d2019ec3d1d357690f5b58821c1c1bcdbd2e7b40548b81ee54d1e979488a5de19aa3b6efdf1567d79111f3a
-
SSDEEP
3072:kxqZWZRanU2n0YLxE3I4Ge/N9PhhPxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jr:6qZgYLx+r5Ph
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-