General
Target: NA_680fa23ffd5f8185eb50f5493_JC.exe
Size: 441KB
Sample: 230727-rfvxlsfg4x
MD5: 1aaa434406dfe8a9f9832cef05c224f0
SHA1: 3394604f1168eb67a2d6b0d151b71d05ce7d79fb
SHA256: 680fa23ffd5f8185eb50f54932becc71d2d3b51b39033f853c4ea2e8737e34f0
SHA512: 68d65fe676d6f7ef71e01da69d3add76e54ced23939019151eecf7eead609eba22b24278317daeb1131f6162656eb05ebc153981c275c37f10454c43a90f4acb
SSDEEP: 6144:qlUgLNFhK7YQ/FJF6MQgyuvckovIwk27Sjv+HT:AUgpFhKcQLF6zLuExDSjmz
Static task: static1
Behavioral task: behavioral1
Sample: NA_680fa23ffd5f8185eb50f5493_JC.exe
Resource: win7-20230712-en
Malware Config
Extracted: redline
Botnet: @Germany
C2: 194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
Targets
Target: NA_680fa23ffd5f8185eb50f5493_JC.exe
Size: 441KB
MD5: 1aaa434406dfe8a9f9832cef05c224f0
SHA1: 3394604f1168eb67a2d6b0d151b71d05ce7d79fb
SHA256: 680fa23ffd5f8185eb50f54932becc71d2d3b51b39033f853c4ea2e8737e34f0
SHA512: 68d65fe676d6f7ef71e01da69d3add76e54ced23939019151eecf7eead609eba22b24278317daeb1131f6162656eb05ebc153981c275c37f10454c43a90f4acb
SSDEEP: 6144:qlUgLNFhK7YQ/FJF6MQgyuvckovIwk27Sjv+HT:AUgpFhKcQLF6zLuExDSjmz

Signatures
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.