General
Target: 0x000900000001230a-104.dat
Size: 173KB
Sample: 230612-rzkwrace84
MD5: cf87fa61e681985631c433502e20c7e2
SHA1: 1a55061a5ab84088b81367cb8e814be9de8e257c
SHA256: e70649f8d9a39e9a2aed8fb07f69abbc571462a6923f1def295846591949179d
SHA512: e436ba7c25016164ceb5a215531628a048413260c571446a0b8301d04c3c62fad3a7e1625172fbccfe5598a91c3d2b12fa22959d8a287f5e6091999b26805ada
SSDEEP: 3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn
Behavioral task
behavioral1
Sample: 0x000900000001230a-104.exe
Resource: win7-20230220-en
Malware Config
Extracted
Family: redline
Botnet: doro
C2: 83.97.73.129:19068
auth_value: 03f411441fb3fa233179c2cc8ffbce27
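The extracted configuration gives two kinds of indicator worth hunting for on endpoints: the payload hashes and the C2 endpoint (a TCP connection to 83.97.73.129 on port 19068). The following is an added example, not part of the sandbox report or of any RedLine tooling, that matches both against Sysmon telemetry. It assumes events have been exported as newline-delimited JSON with Sysmon's own field names (EventID, Image, ProcessId, Hashes, DestinationIp, DestinationPort); the sample events are constructed for the example and are not real telemetry.

```python
import json
from typing import Dict, List

# Indicators copied from the sandbox report above: file hashes of the payload
# and the C2 host:port from the extracted RedLine config.
IOC_HASHES = {
    "MD5": "cf87fa61e681985631c433502e20c7e2",
    "SHA1": "1a55061a5ab84088b81367cb8e814be9de8e257c",
    "SHA256": "e70649f8d9a39e9a2aed8fb07f69abbc571462a6923f1def295846591949179d",
}
C2_HOST = "83.97.73.129"
C2_PORT = 19068


def parse_sysmon_hashes(field: str) -> Dict[str, str]:
    """Split a Sysmon 'Hashes' field ('MD5=..,SHA256=..,IMPHASH=..') into a dict."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().upper()] = digest.strip().lower()
    return out


def match_event(ev: dict) -> List[str]:
    """Return the IOC labels a single Sysmon event matches (empty list if none)."""
    hits: List[str] = []
    if ev.get("EventID") == 1:  # ProcessCreate: compare the image hashes
        hashes = parse_sysmon_hashes(ev.get("Hashes", ""))
        for algo, digest in IOC_HASHES.items():
            if hashes.get(algo) == digest:
                hits.append(f"hash:{algo}")
    elif ev.get("EventID") == 3:  # NetworkConnect: compare destination ip:port
        if (ev.get("DestinationIp") == C2_HOST
                and int(ev.get("DestinationPort", 0)) == C2_PORT):
            hits.append(f"c2:{C2_HOST}:{C2_PORT}")
    return hits


def scan(json_lines) -> List[dict]:
    """Scan newline-delimited JSON Sysmon events and collect the ones that match."""
    findings = []
    for line in json_lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        hits = match_event(ev)
        if hits:
            findings.append({"Image": ev.get("Image"),
                             "ProcessId": ev.get("ProcessId"),
                             "hits": hits})
    return findings


# Constructed sample events (assumed JSON export shape, not real telemetry):
# a process start carrying the report's hashes, a connection to the C2, and a
# benign HTTPS connection that must not match.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\x.exe",
                "ProcessId": 4120,
                "Hashes": "MD5=CF87FA61E681985631C433502E20C7E2,"
                          "SHA256=E70649F8D9A39E9A2AED8FB07F69ABBC571462A6923F1DEF295846591949179D"}),
    json.dumps({"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\x.exe",
                "ProcessId": 4120, "Protocol": "tcp",
                "DestinationIp": "83.97.73.129", "DestinationPort": 19068}),
    json.dumps({"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe",
                "ProcessId": 2210, "Protocol": "tcp",
                "DestinationIp": "203.0.113.10", "DestinationPort": 443}),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Hash matching only fires when the hashed payload itself is the process image; a loader that unpacks the stager in memory leaves different on-disk hashes, so the C2 endpoint is the more durable indicator of the two. Sysmon records digests in upper case, which is why the parser lowercases before comparing.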
Targets
Target: 0x000900000001230a-104.dat
Size: 173KB
Hashes (MD5, SHA1, SHA256, SHA512, SSDEEP): identical to the General section above
RedLine
RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry (the keys Windows itself uses for the installed-programs list) to enumerate the software present on the host.
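The "checks installed software" signature above is triggered by reads of the Uninstall keys. When triaging a sample outside the sandbox, the same behaviour can be pulled out of a Procmon registry trace: one process walking many product subkeys under Uninstall in a short span is the pattern. The following is an added example, not part of the report or of any sandbox, that does this over a Procmon CSV export. It assumes Procmon's default CSV columns (Process Name, PID, Operation, Path) and its HKLM/HKCU path prefixes; the trace lines are constructed for the example.

```python
import csv
import io
from collections import defaultdict
from typing import Dict, List, Tuple

# Registry locations Windows consults for the installed-programs list.
# Paths are written as Procmon prints them (HKLM\... with single backslashes).
UNINSTALL_PREFIXES = (
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
    "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\",
)
REG_READ_OPS = {"RegOpenKey", "RegQueryValue", "RegEnumKey"}


def uninstall_subkey(path: str) -> str:
    """Return the product subkey name if `path` lies under an Uninstall key, else ''.

    Opening the Uninstall key itself (no subkey) returns '' and is ignored, since
    that alone is not enumeration.
    """
    upper = path.upper()
    for prefix in UNINSTALL_PREFIXES:
        if upper.startswith(prefix.upper()):
            return path[len(prefix):].split("\\", 1)[0]
    return ""


def find_software_enumeration(procmon_csv: str, threshold: int = 3) -> Dict[Tuple[str, str], List[str]]:
    """Map (process name, PID) -> sorted product subkeys it read, keeping only
    processes that touched at least `threshold` distinct Uninstall entries."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in REG_READ_OPS:
            continue
        sub = uninstall_subkey(row["Path"])
        if sub:
            seen[(row["Process Name"], row["PID"])].add(sub)
    return {key: sorted(subs) for key, subs in seen.items() if len(subs) >= threshold}


# Constructed Procmon-style trace (not a real capture): sample.exe walks three
# product entries, explorer.exe reads one, and one unrelated key is read.
PROCMON_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall","SUCCESS","Desired Access: Read"
"10:01:02.2","sample.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{11111111-2222-3333-4444-555555555555}","SUCCESS","Desired Access: Read"
"10:01:02.2","sample.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{11111111-2222-3333-4444-555555555555}\\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:02.3","sample.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome","SUCCESS","Desired Access: Read"
"10:01:02.3","sample.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\\DisplayName","SUCCESS","Type: REG_SZ"
"10:01:02.4","sample.exe","4120","RegOpenKey","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip","SUCCESS","Desired Access: Read"
"10:01:02.4","sample.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayVersion","SUCCESS","Type: REG_SZ"
"10:01:02.5","sample.exe","4120","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName","SUCCESS","Type: REG_SZ"
"10:01:03.0","explorer.exe","1380","RegQueryValue","HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName","SUCCESS","Type: REG_SZ"
"""

if __name__ == "__main__":
    for (name, pid), subkeys in find_software_enumeration(PROCMON_CSV).items():
        print(f"{name} (PID {pid}) enumerated {len(subkeys)} installed products: {subkeys}")
```

The threshold keeps legitimate single-key lookups (installers checking whether a product is present, explorer.exe building its own list) out of the result; a stealer reading the full list to profile the host crosses it immediately.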