General
-
Target
c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5.zip
-
Size
51KB
-
Sample
230329-nfveashf5w
-
MD5
889c4f359a04ee1a7f9340b86177e9a2
-
SHA1
b5b2eff39b99befa6d676812a964fead7ca0ccfe
-
SHA256
5a7dc4044ae50e930581f168e137619a7b6902b0939f7c9c888f6472cd615915
-
SHA512
a728485ec79688e5010fc9beb6b65a0bd141ebad80efa405f795a8b3991c37c809f401b35ac0cff39efa5517f0dc73ad129ead8c8b8e3c9e134d709903d5ea65
-
SSDEEP
1536:5fZlP+MHWztHF9HVO0tvYDG9aiIJSghnuB0:9+MHQFHvtKLvhuB0
Behavioral task
behavioral1
Sample
c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
from
176.113.115.145:4125
-
auth_value
8633e283485822a4a48f0a41d5397566
Targets
-
-
Target
c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5
-
Size
175KB
-
MD5
f828658358673b1b17a02e5639814a22
-
SHA1
31f1f17c0b240cbcce8f3900bf61782938292bdc
-
SHA256
c8895fc57cb88891b4348ab4c238e03aba65d8f98e1bbf8cf1d8788db40d87d5
-
SHA512
e38b7224ae54688b0ba3ef0beb221f62362aa7342d5424414c136fe11d60abdd7f8f5d3f7540757e735a062d68b5d31b112d5642d53fcc60f70d962f24c68665
-
SSDEEP
3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-