General
-
Target
de3bfae61aba1dd90e846534473ded4b.exe
-
Size
274KB
-
Sample
230610-fctplaeb94
-
MD5
de3bfae61aba1dd90e846534473ded4b
-
SHA1
65e83666f5d1ed51079e842d21abba26da6daf57
-
SHA256
9ee8de3b74aebf0ab3fd91b66dcfe7d194c75722c449d3384ca8250c648e1c57
-
SHA512
9bbcb9813c4c7ca4520e33a9e2bf7abea9579619a7770195479b1e047e4398d50992bc3e2df26d1600ad5ae5aeb6ca49fef74fca7626563b376950881f4ee790
-
SSDEEP
6144:03eMleLFrKL76c3Wk2l+IGgk/gc/+NpM:ceMYoeyWkkwj/gc/+g
Static task
static1
Behavioral task
behavioral1
Sample
de3bfae61aba1dd90e846534473ded4b.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
@Chicago
185.81.68.115:2920
-
auth_value
624a75e46c4217bc2cafb7758d1978d9
Targets
-
-
Target
de3bfae61aba1dd90e846534473ded4b.exe
-
Size
274KB
-
MD5
de3bfae61aba1dd90e846534473ded4b
-
SHA1
65e83666f5d1ed51079e842d21abba26da6daf57
-
SHA256
9ee8de3b74aebf0ab3fd91b66dcfe7d194c75722c449d3384ca8250c648e1c57
-
SHA512
9bbcb9813c4c7ca4520e33a9e2bf7abea9579619a7770195479b1e047e4398d50992bc3e2df26d1600ad5ae5aeb6ca49fef74fca7626563b376950881f4ee790
-
SSDEEP
6144:03eMleLFrKL76c3Wk2l+IGgk/gc/+NpM:ceMYoeyWkkwj/gc/+g
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-