General
- Target: e4ec4b51403635a2c2611463481f034bb8a3e2f166064c1c413d82ef811468bf.zip
- Size: 51KB
- Sample: 230329-rhapfsac3t
- MD5: 6c9a674d4831493ee7814e145ac763ce
- SHA1: 720619c41d20cbd4e5a17bd423d474adba9923af
- SHA256: 2bc9ddc6b7018e7f99584a460cd3679e05f074bf14f46bc76b08cc5f2353b462
- SHA512: 9289c4c0b0338cff9d1e43592d3bb42d1ce3ec7ad1ac9f80398ebc53108e172e112ace48f555188cbca93bf5c29b14b28b6d7238d55853f1686643510157cbb6
- SSDEEP: 768:VYbJhjZOsyfj0ZwKINQbzWztOw+i9HsyaumA4wWqJ2vc/zdEdghWbGfTP9Ndy7dk:VYfZlP+MHWztHF9HVO0/OukKfJe7wqc

Behavioral task
- behavioral1
- Sample: e4ec4b51403635a2c2611463481f034bb8a3e2f166064c1c413d82ef811468bf.exe
- Resource: win7-20230220-en

Malware Config
- Extracted: redline
- From: 176.113.115.145:4125
- auth_value: 8633e283485822a4a48f0a41d5397566

Targets
- Target: e4ec4b51403635a2c2611463481f034bb8a3e2f166064c1c413d82ef811468bf
- Size: 175KB
- MD5: 00f3ad217fa576e2748cc4ed9ccab9ac
- SHA1: 3afd7de1068bf12c084ce72c1515a298042f0d28
- SHA256: e4ec4b51403635a2c2611463481f034bb8a3e2f166064c1c413d82ef811468bf
- SHA512: 514406602b3fd29b2ebde550a6c70faccd89fca79b693526ab67ee909344da091c661e0156240ce554417b1c7a55c32a8370a8be4ed0f159864db8e1493b8328
- SSDEEP: 3072:4xqZWZRanU2n0/Z62eJ5evJ9ih+PxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOm:mqZg/Z6XJIih
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.