General
-
Target
b9e3fc3c01e61996aa9a6f7b6295175f.exe
-
Size
95KB
-
Sample
230411-f7pzwsaf46
-
MD5
b9e3fc3c01e61996aa9a6f7b6295175f
-
SHA1
b1560474a10ca0a00250d36e73e25dcbdb1d4558
-
SHA256
b6e2f13792219fb689ba380d41834a74daa594b540e2600e279398ad8810a997
-
SHA512
1bba9b69266b4736cbe818719d318a061644a0044e423dda541dfda4e1f70a6956df6243021875c22fdc028ad43baa2d78d2d1ba6bbd6afcaf1afb1ee3462f67
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2q3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdMY
Behavioral task
behavioral1
Sample
b9e3fc3c01e61996aa9a6f7b6295175f.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
cheat
31.220.76.124:11620
Targets
-
-
Target
b9e3fc3c01e61996aa9a6f7b6295175f.exe
-
Size
95KB
-
MD5
b9e3fc3c01e61996aa9a6f7b6295175f
-
SHA1
b1560474a10ca0a00250d36e73e25dcbdb1d4558
-
SHA256
b6e2f13792219fb689ba380d41834a74daa594b540e2600e279398ad8810a997
-
SHA512
1bba9b69266b4736cbe818719d318a061644a0044e423dda541dfda4e1f70a6956df6243021875c22fdc028ad43baa2d78d2d1ba6bbd6afcaf1afb1ee3462f67
-
SSDEEP
1536:9qsINqLGlbG6jejoigI343Ywzi0Zb78ivombfexv0ujXyyed2q3teulgS6pY:rAMOY3+zi0ZbYe1g0ujyzdMY
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-