General
Target: 1.exe
Size: 380KB
Sample: 230630-n362lsad61
MD5: ee1d3336ea6cd3c89384af743a628e2a
SHA1: 4bd3fe1621eeaa39d628eaff3079d8baadde2969
SHA256: c3712a1ad83437d0b0289eeb935880bfe863fec5e92bdaf2a448966348da04b6
SHA512: 9c2e0992942a14fa4ccfa3c2e59b08bd88b8857a3b1d815a882d873d6fcbe5f092e1a6793fa3bfaf678511a0edb829d43d398f9dc26db912ea997aa3ed804362
SSDEEP: 6144:xbmkZTLqhzTsiB84bHMpWkhrHQek83iESlmJjc:TTLQF+4L0H1k8YmJY
Static task: static1
Behavioral task: behavioral1
Sample: 1.exe
Resource: win7-20230621-en
Malware Config
Extracted: redline
@Chicago
185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.