General
Target: 5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723.zip
Size: 51KB
Sample: 230329-m77m9sga49
MD5: dd9b6f1d255c761c0b724a330f0a1e8d
SHA1: 98cc1dfa569a2393c1cfab4b09ee0c6efcff0342
SHA256: 5c1de0ba315e4ace0d260c5fc79fa34435e730e98f7c2e47ffc7070f1ef0f5ba
SHA512: 5ab6124832f127c655349f9a9663eae7a9533d16019bd48e243ff8bcb4fbeac855c9e308cb4ffee67e6e7841e00ad1be39a5ef8846f6c2952e06b43bfef0f1c3
SSDEEP: 1536:lfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBO:B+MHQFHvtKLvhuBO

Behavioral task
behavioral1
Sample: 5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723.exe
Resource: win7-20230220-en

Malware Config
Extracted: redline
from: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566

Targets
Target: 5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723
Size: 175KB
MD5: 629206192f00d7eaef07138db484e484
SHA1: 9aeb5a02478ffc46e0150ca20be5d2a571d7f79a
SHA256: 5fe85df74736d9d887ad082ec23079675a6d92795e0add3d747ccd1501858723
SHA512: 0d25750263346cc2b5e98b67b734eaf2b9f176c8d6d1b16262e1d2376d1b4fe24c53aff4d7473bb829567e1b2732940fad26e192334c5ebf89cc5dbaa3985ff0
SSDEEP: 3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.