General
-
Target
tmp
-
Size
443KB
-
Sample
230726-v98x4sfg6s
-
MD5
79910d840d3c62dc8df6fecf3f59b6a2
-
SHA1
244fd7431a26dcf6758adadd6973357ac35fd9c2
-
SHA256
136214e8c6ed831286ca46aeeb90e2309a71882e57d7ad85add5ebb2d050d60a
-
SHA512
97ba9199096705bda7d9d54595dcee459223ff0f9c186e2d3038782643c089e30290fcccc08122d4fcc032827ffc8e168f80e42d88bf74bedea042d82825f670
-
SSDEEP
6144:t3FeLg5jxYN/OBuqCWEYs9BBoPqPXZuzbPrKBJ+nz0ymJv1jjv+HT:NFek5jaN/MHuBGyPpuzXKXY0y2Jjmz
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20230712-en
Malware Config
Extracted
redline
@Germany
194.26.135.162:2920
-
auth_value
9d15d78194367a949e54a07d6ce02c62
Targets
-
-
Target
tmp
-
Size
443KB
-
MD5
79910d840d3c62dc8df6fecf3f59b6a2
-
SHA1
244fd7431a26dcf6758adadd6973357ac35fd9c2
-
SHA256
136214e8c6ed831286ca46aeeb90e2309a71882e57d7ad85add5ebb2d050d60a
-
SHA512
97ba9199096705bda7d9d54595dcee459223ff0f9c186e2d3038782643c089e30290fcccc08122d4fcc032827ffc8e168f80e42d88bf74bedea042d82825f670
-
SSDEEP
6144:t3FeLg5jxYN/OBuqCWEYs9BBoPqPXZuzbPrKBJ+nz0ymJv1jjv+HT:NFek5jaN/MHuBGyPpuzXKXY0y2Jjmz
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-