General
- Target: setup.exe
- Size: 823KB
- Sample: 230722-jgw73ahh89
- MD5: 33f0e7e722079ad7de048b95fe93dd24
- SHA1: cf41309d808ba29048e8abd4c8cafb5d23e20b9a
- SHA256: 2bc4615c970f663c94fb111ed9cc1a86bc0df218e73ff7ad270601b2d400060a
- SHA512: 88bb76a3ef4a956ecbd4e2d25ada77fb7929c8afc4a6e335698d94562f7abec404d5a0e961c632641e63f9e1acb544442e550102087adcb40233e22246df58e3
- SSDEEP: 12288:dWFPuAyL+v8LNOF/QoWTeyIljgL072n94Y5vRl1b2gyL9JGBfU7o+M:dW8AyoE8FYojjM9KMCoL
Static task: static1
Behavioral task: behavioral1
- Sample: setup.exe
- Resource: win7-20230712-en
Malware Config
Extracted
- redline
- redline
- 193.233.255.86:30607
Targets
- Target: setup.exe
- Size: 823KB
- MD5: 33f0e7e722079ad7de048b95fe93dd24
- SHA1: cf41309d808ba29048e8abd4c8cafb5d23e20b9a
- SHA256: 2bc4615c970f663c94fb111ed9cc1a86bc0df218e73ff7ad270601b2d400060a
- SHA512: 88bb76a3ef4a956ecbd4e2d25ada77fb7929c8afc4a6e335698d94562f7abec404d5a0e961c632641e63f9e1acb544442e550102087adcb40233e22246df58e3
- SSDEEP: 12288:dWFPuAyL+v8LNOF/QoWTeyIljgL072n94Y5vRl1b2gyL9JGBfU7o+M:dW8AyoE8FYojjM9KMCoL

- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- SectopRAT payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.