General

Target: 8f3e21d3d15b6ea17b573452d7857c16.exe
Size: 1.7MB
Sample: 230531-gdfd2ade4t
MD5: 8f3e21d3d15b6ea17b573452d7857c16
SHA1: 3fbde3bd6f2f2001b8cd242cd9d68307fd140f9c
SHA256: 14357575e409e06a45243465cd697a6c22f847968fcec7e5cd9238aa9419777c
SHA512: b8509127717de92eec70d9ef716192fa73c2b1bd2e5fe2c04f62cf9f6b87ef208da919eaee6fcf00ffe37008e6aedd58edbd4404aae62378346fa2ab9519b324
SSDEEP: 12288:n0Hef2besfNRcrPNWdLBOr8GN54GiSdeiFIblEIwoZEsDbqhuhDW:Wl60wJ
Static task: static1
Behavioral task: behavioral1
Sample: 8f3e21d3d15b6ea17b573452d7857c16.exe
Resource: win7-20230220-en
Malware Config

Extracted: redline
build1
101.99.93.194:28049
auth_value: d9b4859f9090a89a831ab84ed61a9faf
Targets

Target: 8f3e21d3d15b6ea17b573452d7857c16.exe
Size: 1.7MB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of SetThreadContext