General
-
Target
bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871
-
Size
267KB
-
Sample
230726-v3gv2sff7y
-
MD5
093bbbbe5850b8153a00efa1df20f14e
-
SHA1
e194e15c5d3cc30c407584cbffccf50e995a2d30
-
SHA256
2ab70644431fbafabef760b3a4657f50bcb8bba0c77c5f8e5724a439af87416d
-
SHA512
dd597e96d3f2d172d8014280c655463b500a5adcd41413bf80355adb216d3e730b5baf2e0f1153c2b6aff91890b0d3a27624981ffb93d7eb06d159e221525f52
-
SSDEEP
6144:5MjnTyletUInFw/5vvZlY2RQs2Q1NS6N3EpuQYJquPqp0h+:onTfUcw/lDRs6S6N0pkquF4
Static task
static1
Behavioral task
behavioral1
Sample
bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871.exe
Resource
win7-20230712-en
Malware Config
Extracted
redline
@Germany
194.26.135.162:2920
-
auth_value
9d15d78194367a949e54a07d6ce02c62
Targets
-
-
Target
bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871
-
Size
443KB
-
MD5
6d2733f8c4f47a4db525df8ec88be7bf
-
SHA1
c94a143b9ec4e30092cf309c128cfd5b130b9708
-
SHA256
bcd0038db8d8b68deadf2e8e1a506ee8ff33430d757b89219ddbf31e0be64871
-
SHA512
80ff9defe80e0dabcead77e2a7f419b08015aedb9554c0145c61b5c652856acd240b2efc30c64995466dfea90fba1ac990b3f9c5c06ed7f5c71536c35bd02ed7
-
SSDEEP
6144:L85UtLsfletUInFw15vvZlYiRQS2M1NS6N3a4ajv+HT4:LCUtgaUcw1l5RgmS6NIjmz
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-