General
Target: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6.zip
Size: 51KB
Sample: 230329-nffk5shf5t
MD5: 3e75379f0267a082196f455abc4a2178
SHA1: 99df280c1541c69272f6d52454c16316fb408acd
SHA256: 60426e77de5d5e69ad36fcbc12b23f4567ddd8efa3f69275a52ae68b13ad2e88
SHA512: b5a80adf4ac73fddd7687e89e12c6e832ec5a7479a68171df1e7333328a5f9d27e7b836b26426f5575c3b1b1cf2cc7ea3c7aca0637511052478cbf29c67ca3aa
SSDEEP: 1536:FfZlP+MHWztHF9HVO0tvYDG9aiIJSghnuBs:h+MHQFHvtKLvhuBs
Behavioral task
behavioral1
Sample: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6.exe
Resource: win7-20230220-en

Malware Config
Extracted: redline
From: 176.113.115.145:4125
auth_value: 8633e283485822a4a48f0a41d5397566
Targets
Target: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6
Size: 175KB
MD5: efd1c0ec3b3f5d70e2d4fd43351c81a4
SHA1: ea2869b33807e1d01b8901bccf785e47598ed86f
SHA256: 4b373fe4f094ac74db89698f1a1cce5c458810389206a43dbc33d4fe8e18d7c6
SHA512: 16d0b6ffbabe01b97fcea2b94cc05907c89dbf4d7356f83ab1e5fdf621af5d3224ef1dfd17772a544c2895f25d3b4111afde9c5aebb856b0c8c04fcf2b3ff377
SSDEEP: 3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.