General
Target: 3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697.zip
Size: 51KB
Sample: 230329-nfbl7ahf5s
MD5: 3eb40869e58c31a47f0a4b2018a90d7d
SHA1: bc1b4419db4c6f592fcd8186ccb6aa3418eee094
SHA256: 0c44efd91dc08a1ed33cfd0d454c979b1150c97ca63c50fd56080a6d3700dc5c
SHA512: 33448f785af24cd36a643ad7fe89c98896770c6f3fe90c38605c94c2a1021ead5be9513d47e6598b5a06e974254c4a6c9c81cc23c5ad97ff16ec5d88423a4a03
SSDEEP: 768:/bJhjZOsyfj0ZwKINQbzWztOw+i9HsyaumA4wWqJ2vcacOyNITgmmhKlZ6YHN:/fZlP+MHWztHF9HVO0acOyNIkmmhhYt
Behavioral task
behavioral1
Sample: 3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697.exe
Resource: win7-20230220-en

Malware Config
Extracted: redline
from: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697
Size: 175KB
MD5: f82c6642e389e4d529454a316f75fdda
SHA1: b511027d8f81c8a46d339730254fd90a1905ae54
SHA256: 3e79b88bdf7a27dc3452f6bc1e6e32774933df5a9fd6d7609cf10a5f0c260697
SHA512: e3292a229cd54f5c72b2488b1934e5b1c71349f8eaba2f43640c2b2d0048bb8f86db42b5f6a71e351b59f547bf9111d24d12c7f930a060100b70f1576f991c6e
SSDEEP: 3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.