General
Target: 1209c6857cc79e40556ce90da185c356.bin
Size: 241KB
Sample: 230729-bc36taba5t
MD5: 5e1fec07fb577618b432d09b1e566d6f
SHA1: 78a95122744c7cac8800a65160661761225e42b7
SHA256: 492e540b5cb0d57e5ce3133c0abb13feb3de1bbe0e7ef53bcf80ef23922b0218
SHA512: 92b9500e7a23b96853287b19f32b5eecd4e36f230d6e98274abf2076676a62caa22b52642378579e223a9b66a0bf2dba017a742efd4c2b42a226e81a4f4eead0
SSDEEP: 6144:X80qFLNZLJ/5lu8+ByVfBWH+9KYLc+qxfGmFeRvJyc2GpRk6f:XbqfZN/HZHjC0dJq5GCGvxpR/f
Static task: static1
Behavioral task: behavioral1
Sample: ee5754e39b22b6758e5d2b940a0cfc11835a80779073148028a6222a7e37e086.exe
Resource: win7-20230712-en
Malware Config
Extracted family: redline
Botnet: @Germany
C2: 194.26.135.162:2920
auth_value: 9d15d78194367a949e54a07d6ce02c62
Targets
Target: ee5754e39b22b6758e5d2b940a0cfc11835a80779073148028a6222a7e37e086.exe
Size: 411KB
MD5: 1209c6857cc79e40556ce90da185c356
SHA1: 4f58e0d124edf610c0554483443cf38b4cc682a3
SHA256: ee5754e39b22b6758e5d2b940a0cfc11835a80779073148028a6222a7e37e086
SHA512: b0831e6344d6ff1eafa1e4937eae5206c9e99425ff4ec222800011dbc1c74eebbc81818b1fd6c71f8530de1cf24a15e83454dc36d37b025f57fadfbd14bb0376
SSDEEP: 6144:LpFd4439vvCgXcn77/2Fzdm9u6tCp58B3I99RArUNOMSYZW/t:LpD39vCoc//wxmo6te5oyLyCOq4

Signatures
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.