General
- Target: 01168099.exe
- Size: 338KB
- Sample: 230606-nk52ladd24
- MD5: 0ff6386455fb0dd653a6fb76f8174954
- SHA1: fb036be22888429f2f6b36b2a8e25aa53a658b37
- SHA256: db00231c8fdf1cd6d3b42f1e19557f90413a59a49534a32efd8c863c47d35707
- SHA512: f928e822828eff97fccd3f445ac8a3e95c8fdacec80cd113106855aa8915e7360f173e17d7f975d6bfdbf72897a5ed59455933a2dedd3fc26d5becd0ef4727e1
- SSDEEP: 6144:R5wK7by5cr2DusCn1WHiL2CV2W1q4ObeneGLf3pW7X2JDYr:R5J7by5lA1WHiCCQW1qxgeOf5W72NC
Static task: static1
Behavioral task: behavioral1
- Sample: 01168099.exe
- Resource: win7-20230220-en
Malware Config
Extracted: redline
- @Chicago
- 185.81.68.115:2920
- auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.