General
Target: 0x00090000000122ff-104.dat
Size: 172KB
Sample: 230609-tzf9nscf43
MD5: c427640fd5e42e7bfb9ffea1cfcf346d
SHA1: 83cfbfa853ec160243e144295de6556567478834
SHA256: 5d98696249cd74aeb54f3c5bc3e22e7f7de44cf58947f6e1950fb27e6835851a
SHA512: 688cdfe2bf0b8138613633c81c655e2a66506fe53f504bee7d83d315def4c69c88767d0565770ac517bc9b522591b26f905320bd323fc0a6eac2e5d296decbc2
SSDEEP: 3072:QUYvpRfFyNgq8oMGl9ixNcO3qdLbkSh8e8hb:kVoVrLbkSh
Behavioral task
behavioral1
Sample: 0x00090000000122ff-104.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: duha
C2: 83.97.73.129:19068
auth_value: aafe99874c3b8854069470882e00246c
Targets
Target: 0x00090000000122ff-104.dat
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart, and the per-user HKCU equivalent) to enumerate software on the system.
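The "Checks installed software" signature above is a sandbox observation; on an endpoint the same behaviour can be surfaced from Windows Security event 4663 ("An attempt was made to access an object") once a SACL that audits Query/Enumerate access has been placed on the Uninstall key. The following is an added example written for this report, not code from Hatching Triage or from the sample: it runs simple detection logic over constructed, flattened 4663 records (the `key=value;` line layout, the process paths and the subkey names are assumptions for the example) and flags any non-allowlisted process that queries several distinct Uninstall subkeys, which is what software enumeration looks like in the audit log. Legitimate inventory and installer tooling does the same thing, so the allowlist and threshold are the tuning knobs.

```python
import re
from collections import defaultdict

# Constructed sample records (not a real capture). Each line is a flattened
# Security event 4663; the field names mirror the real event's Process Name,
# Object Type, Object Name and Accesses fields. Backslashes are literal.
SAMPLE_EVENTS = [
    r"EventID=4663;ProcessName=C:\Users\u\AppData\Local\Temp\0x00090000000122ff-104.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall;Accesses=Enumerate sub-keys",
    r"EventID=4663;ProcessName=C:\Users\u\AppData\Local\Temp\0x00090000000122ff-104.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip;Accesses=Query key value",
    r"EventID=4663;ProcessName=C:\Users\u\AppData\Local\Temp\0x00090000000122ff-104.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++;Accesses=Query key value",
    r"EventID=4663;ProcessName=C:\Users\u\AppData\Local\Temp\0x00090000000122ff-104.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome;Accesses=Query key value",
    r"EventID=4663;ProcessName=C:\Users\u\AppData\Local\Temp\0x00090000000122ff-104.exe;ObjectType=Key;ObjectName=\REGISTRY\USER\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord;Accesses=Query key value",
    # Installer activity: same key, but msiexec.exe is expected to touch it.
    r"EventID=4663;ProcessName=C:\Windows\System32\msiexec.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555};Accesses=Query key value",
    r"EventID=4663;ProcessName=C:\Windows\System32\msiexec.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip;Accesses=Query key value",
    # A single subkey lookup and an unrelated key: below the threshold.
    r"EventID=4663;ProcessName=C:\Windows\System32\svchost.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip;Accesses=Query key value",
    r"EventID=4663;ProcessName=C:\Windows\System32\svchost.exe;ObjectType=Key;ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run;Accesses=Query key value",
]

# Kernel object names for the Uninstall key: HKLM maps to \REGISTRY\MACHINE,
# HKCU to \REGISTRY\USER\<SID>; the WOW6432Node variant holds 32-bit software.
UNINSTALL_RE = re.compile(
    r"^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\(?:WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\(?P<subkey>[^\\]+))?$",
    re.IGNORECASE,
)

# Assumed allowlist of image names that legitimately walk the Uninstall key;
# tune for the estate (inventory agents, the Settings app, and so on).
ALLOWLIST = {"msiexec.exe", "explorer.exe", "systemsettings.exe"}


def parse_event(line):
    """Split one flattened record into a field dict (assumed layout)."""
    fields = {}
    for part in line.strip().split(";"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def detect_uninstall_enumeration(events, threshold=3, allowlist=ALLOWLIST):
    """Return {process: [subkeys]} for processes that queried at least
    `threshold` distinct Uninstall subkeys and are not allowlisted."""
    seen = defaultdict(set)
    for line in events:
        ev = parse_event(line)
        if ev.get("EventID") != "4663" or ev.get("ObjectType") != "Key":
            continue
        match = UNINSTALL_RE.match(ev.get("ObjectName", ""))
        if not match:
            continue
        proc = ev.get("ProcessName", "")
        if proc.rsplit("\\", 1)[-1].lower() in allowlist:
            continue
        subkey = match.group("subkey")
        if subkey:  # access to the Uninstall root itself carries no subkey
            seen[proc].add(subkey)
    return {p: sorted(s) for p, s in seen.items() if len(s) >= threshold}


if __name__ == "__main__":
    for proc, subkeys in detect_uninstall_enumeration(SAMPLE_EVENTS).items():
        print(f"{proc} enumerated {len(subkeys)} installed products: {subkeys}")
```

The threshold is deliberately on distinct subkeys rather than raw event count, because a single product lookup (a service checking whether one dependency is installed) is routine while a sweep across many products is the stealer's inventory pass. Without the SACL on the Uninstall key none of these events exist, so confirm the audit policy before relying on this signal.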