General
Target: 532573-1exe.exe
Size: 312KB
Sample: 230702-qbnr3ach4s
MD5: e1ffd1caeb8f023b1db40e454e7f6613
SHA1: 9ee55f1203c1dd9a5a2263a4f0e78ddb81ab38b7
SHA256: f1119324fb73b753e63b478338747415600722e28389124d2bc8d5697c81a96d
SHA512: a3905a4ff0e6b6065144e5a79c4dc80a032245679a52c9b1181b7cf2be2aa950c01064dcc9bb8f1978ce16be16ebe5a72d357ae375dd6ac698dee1aa79d639f4
SSDEEP: 6144:/8Lib0J5aJnGKk27cJhfB2tR2zIXDpPJhuW9s6cJFq:U+b0/aJnNk9PB2mepPJhuW9k7

Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: 532573-1exe.exe
  Resource: win7-20230621-en

Malware Config
Extracted (redline): @Chicago, 185.81.68.115:2920
auth_value: 624a75e46c4217bc2cafb7758d1978d9
Targets
Target: 532573-1exe.exe (312KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.