General
- Target: 07128899.exe
- Size: 273KB
- Sample: 230606-ns1f3sdh9w
- MD5: 0e66021879fb2402e06f3294e80e7243
- SHA1: 2200a3b43c3603e370b00fcb16bd7d336d1d90bb
- SHA256: e6079a6bba827d7c6109deb7f1666a8321e20f6200d402429b566f81124cee1c
- SHA512: 863a96c77565267ebe03c4a92d7ef0a7f8b9bc86646cc31a5a46a784ff212ec8dfc923cda97da0e65416aa423ccb302a431d5e4bc813756be4726289ca7712be
- SSDEEP: 6144:ChxawGD1lyeeeeeeCDKaEWUi8ga92jix8xU6WUP1ibGEf68l:ChxvWnyeeeeeeHi8ga9466WUP1iJh
Static task
- static1
Behavioral task
- behavioral1
- Sample: 07128899.exe
- Resource: win7-20230220-en
Malware Config
Extracted
- redline
- @Chicago
- 185.81.68.115:2920
- auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
- Target: 07128899.exe
- Size: 273KB
- MD5: 0e66021879fb2402e06f3294e80e7243
- SHA1: 2200a3b43c3603e370b00fcb16bd7d336d1d90bb
- SHA256: e6079a6bba827d7c6109deb7f1666a8321e20f6200d402429b566f81124cee1c
- SHA512: 863a96c77565267ebe03c4a92d7ef0a7f8b9bc86646cc31a5a46a784ff212ec8dfc923cda97da0e65416aa423ccb302a431d5e4bc813756be4726289ca7712be
- SSDEEP: 6144:ChxawGD1lyeeeeeeCDKaEWUi8ga92jix8xU6WUP1ibGEf68l:ChxvWnyeeeeeeHi8ga9466WUP1iJh
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.