General

Target: 71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e.zip
Size: 51KB
Sample: 230328-nzwrgacd9t
MD5: 80007300c3621cef55f439a8e0aa1e51
SHA1: d386b95b9e42d1a572fe11c49c6fe323bc770ab5
SHA256: ec103a59066f6d7b1282784bf75b9236839f9b6e5a7d909ed76dd7c7652cb7a3
SHA512: cfa62d9213b69f61f71250ac23abf5defd0d8886856f1392cb03c1654f66fc73fdee51ecde3fde1fde617c544def34ab7a0ecef1c83fada8b6bbff6fe74e02b7
SSDEEP: 768:atG/l++VpIvJGxNH+Uh4/GJWmgUNx7he1s8CN6xorL20A6pf1EdtWTdjDNd:aM/o+yUU/ez7sNxCyLkeAxDNd
Behavioral task

Task: behavioral1
Sample: 71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e.exe
Resource: win7-20230220-en

Malware Config

Extracted: redline
Botnet: dent
C2: 193.233.20.33:4125
auth_value: e795368557f02e28e8aef6bcb279a3b0
Targets

The hashes under General are those of the 51KB archive. The 175KB executable it contains is listed here; its file name is its own SHA256, which is also why the archive is named after it.

Target: 71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e
Size: 175KB
MD5: b8aa3fac90894525354b82d3dbd9bdfc
SHA1: 76637766c9550011820af291c768566a37092b22
SHA256: 71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e
SHA512: ad968a2146ca0c2aeafc582eedf552a0bb69a0570b74bbd6048f67d1bd9e4bf698da074c260f2638242700cc70e9f0ac1427bda970f2e71d195d82f7c8cb5da7
SSDEEP: 3072:s9xqZWBJaHEDgXp5lCe159Eh4bxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwY:sHqZV7ljEh

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
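The Malware Config and Targets sections above are what an analyst actually consumes from a report like this: the extracted C2, the botnet tag, and the hashes of both the archive and the executable inside it. The following is an added example (not part of the original report, and not the sandbox's own tooling) that parses the dump layout shown on this page (a label on one line, its value on the next, "-" as a separator, the extracted config as bare lines) into a structured record, checks that each hash has the right length, confirms that the inner file is named by its own SHA256 while the archive is not, and flattens everything into an indicator set. The embedded input is constructed from the values on this page; treating a lowercase line followed by a hex line as a config attribute (auth_value) is this example's assumption about the layout, not a documented format.

```python
"""Parse a sandbox report dump (the layout on this page) into validated IOCs.
Added example, not the sandbox's own tooling; reading a lowercase line followed
by a hex line as a config attribute (auth_value) is this example's assumption."""
import re

# Constructed input: values copied from this page, in the page's dump layout.
REPORT = """\
General
Target
71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e.zip
-
SHA256
ec103a59066f6d7b1282784bf75b9236839f9b6e5a7d909ed76dd7c7652cb7a3
Malware Config
Extracted
redline
dent
193.233.20.33:4125
-
auth_value
e795368557f02e28e8aef6bcb279a3b0
Targets
-
Target
71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e
Size
175KB
-
SHA256
71ef9c05754dbf3165f015c857573e05ce4ad5b9dadff0e1ef0f5a30e29d877e
RedLine
"""

SECTIONS = {"General", "Behavioral task", "Malware Config", "Targets"}
FIELDS = {"Target", "Size", "Sample", "Resource", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}
HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
HEX_RE = re.compile(r"^[0-9a-fA-F]{16,}$")


def parse_report(text):
    """Return {'general', 'config', 'targets', 'signatures'} parsed from a dump."""
    rep = {"general": {}, "targets": [], "signatures": [],
           "config": {"family": "", "botnet": "", "c2": [], "attributes": {}}}
    lines = [l.strip() for l in text.splitlines() if l.strip() not in ("", "-", "Extracted")]
    section, current, i = None, None, 0
    while i < len(lines):
        line = lines[i]
        if line in SECTIONS:                              # section header
            section = line
            current = rep["general"] if line == "General" else None
            i += 1
        elif section == "Malware Config":                 # extracted config block
            cfg = rep["config"]
            if (m := C2_RE.match(line)):                  # ip:port line is a C2
                cfg["c2"].append((m.group(1), int(m.group(2))))
            elif not cfg["family"]:                       # first bare line: family
                cfg["family"] = line
            elif i + 1 < len(lines) and HEX_RE.match(lines[i + 1]):
                cfg["attributes"][line] = lines[i + 1]   # key line, then hex value
                i += 1
            elif not cfg["botnet"]:
                cfg["botnet"] = line
            i += 1
        elif line in FIELDS and i + 1 < len(lines):       # label line, value line
            if section == "Targets" and line == "Target":
                current = {}                              # a new target block starts
                rep["targets"].append(current)
            if current is not None:
                current[line] = lines[i + 1]
            i += 2
        else:
            if section == "Targets":                      # trailing lines: signatures
                rep["signatures"].append(line)
            i += 1
    return rep


def hash_problems(entry):
    """Hash fields whose value is not the expected number of hex characters."""
    return [f"{n}: {entry[n]!r}" for n, length in HEX_LEN.items()
            if n in entry and not re.fullmatch(rf"[0-9a-f]{{{length}}}", entry[n].lower())]


def target_named_by_sha256(entry):
    """True when the file name (minus extension) equals the entry's own SHA256."""
    return entry.get("Target", "").split(".")[0].lower() == entry.get("SHA256", "").lower()


def iocs(rep):
    """Flatten the report into an indicator set for blocking and hunting."""
    entries = [rep["general"], *rep["targets"]]
    return {
        "family": rep["config"]["family"],
        "botnet": rep["config"]["botnet"],
        "c2": [f"{ip}:{port}" for ip, port in rep["config"]["c2"]],
        "sha256": sorted({e["SHA256"] for e in entries if "SHA256" in e}),
        "problems": [p for e in entries for p in hash_problems(e)],
    }
```

Run `iocs(parse_report(REPORT))` to get the family, botnet tag, C2 socket and both SHA256 values in one record; `target_named_by_sha256` is True for the inner executable and False for the archive, which is the cross-check that tells you which hash belongs to the payload you should be blocking rather than to the wrapper it arrived in.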