General

Target: file.exe
Size: 411KB
Sample: 230727-zq1jvahg23
MD5: 1209c6857cc79e40556ce90da185c356
SHA1: 4f58e0d124edf610c0554483443cf38b4cc682a3
SHA256: ee5754e39b22b6758e5d2b940a0cfc11835a80779073148028a6222a7e37e086
SHA512: b0831e6344d6ff1eafa1e4937eae5206c9e99425ff4ec222800011dbc1c74eebbc81818b1fd6c71f8530de1cf24a15e83454dc36d37b025f57fadfbd14bb0376
SSDEEP: 6144:LpFd4439vvCgXcn77/2Fzdm9u6tCp58B3I99RArUNOMSYZW/t:LpD39vCoc//wxmo6te5oyLyCOq4
Static task: static1
Behavioral task: behavioral1 (sample file.exe, analysis resource win7-20230712-en)
Malware Config

Extracted family: redline
Botnet: @Germany
C2: 194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
Targets

Target: file.exe (411KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
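The indicators this report exposes (the file hashes in the General section and the extracted C2 194.26.135.162:2920) are the parts a responder would turn into a hunt. The script below is an added example, not part of the sandbox report or of any tool it names: it loads those indicators, matches them against Sysmon-style process-create (EventID 1, `Hashes` field) and network-connect (EventID 3, `DestinationIp`/`DestinationPort`) events, and checks a file's bytes against the report's SHA256. The JSON event lines are constructed for illustration and are not telemetry from the sandbox run; the report's own hashes are the only real data in it.

```python
"""Match the IOCs from this RedLine report against Sysmon-style events.

Added example: not the sandbox's code. Indicators are copied from the report;
SAMPLE_EVENTS below are constructed for illustration, not real telemetry.
"""
import hashlib
import json

# Indicators copied from the report above (hashes and extracted config).
IOCS = {
    "md5": "1209c6857cc79e40556ce90da185c356",
    "sha1": "4f58e0d124edf610c0554483443cf38b4cc682a3",
    "sha256": "ee5754e39b22b6758e5d2b940a0cfc11835a80779073148028a6222a7e37e086",
    "c2": ("194.26.135.162", 2920),
    "auth_value": "9d15d78194367a949e54a07d6ce02c62",
}

# Constructed Sysmon-style JSON lines (field names follow Sysmon's schema).
SAMPLE_EVENTS = [
    '{"EventID": 1, "Image": "C:\\\\Users\\\\u\\\\Downloads\\\\file.exe", '
    '"Hashes": "MD5=1209C6857CC79E40556CE90DA185C356,'
    'SHA256=EE5754E39B22B6758E5D2B940A0CFC11835A80779073148028A6222A7E37E086"}',
    '{"EventID": 3, "Image": "C:\\\\Users\\\\u\\\\Downloads\\\\file.exe", '
    '"DestinationIp": "194.26.135.162", "DestinationPort": 2920}',
    '{"EventID": 3, "Image": "C:\\\\Program Files\\\\Mozilla Firefox\\\\firefox.exe", '
    '"DestinationIp": "142.250.74.46", "DestinationPort": 443}',
    '{"EventID": 1, "Image": "C:\\\\Windows\\\\System32\\\\notepad.exe", '
    '"Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}',
]


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {algo: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(event):
    """Return the IOC names one parsed event hits (empty list if none)."""
    hits = []
    if event.get("EventID") == 1:
        hashes = parse_hashes(event.get("Hashes", ""))
        for algo in ("md5", "sha1", "sha256"):
            if hashes.get(algo) == IOCS[algo]:
                hits.append(algo)
    if event.get("EventID") == 3:
        dst = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dst == IOCS["c2"]:
            hits.append("c2")
    return hits


def scan(lines):
    """Scan JSON lines; return [(image, hits)] for every event that matched."""
    findings = []
    for line in lines:
        event = json.loads(line)
        hits = match_event(event)
        if hits:
            findings.append((event.get("Image"), hits))
    return findings


def hashes_of(data):
    """Compute the same digests the report lists, for a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def is_known_sample(data):
    """True if the bytes are this report's sample; compare on SHA256, not MD5."""
    return hashes_of(data)["sha256"] == IOCS["sha256"]


if __name__ == "__main__":
    for image, hits in scan(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(hits)}")
```

Hash matches only catch this exact build; the C2 socket and the `auth_value` in the extracted config survive trivial repacking of the binary, so they are the indicators to keep once the hashes stop matching.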