General
Target: tmp
Size: 311KB
Sample: 231018-hc3nlsdc85
MD5: cc5221bdab8fd30b365bdf5e10cef035
SHA1: e6d2fa5b34eff042f9fe8fa7a9938e02c250b9cd
SHA256: b4ed0c1eb6a1dd3f17c7781a47bd080215426e57710d3306fc212072e41f8856
SHA512: ad0137b985ca6cd9f55be27f715ee9ba58f81ac36365dd98d0dfc5b2e03cf5371c4f1b95c590009d7df02c3255e32aa09c50299621a30c348bdc76e49e79b892
SSDEEP: 3072:sEGPw42fWISJEBwItWylQrkYl5gwkdbseIURlT7ywPgeOQRwr3Uu:yIFUJEBXTQg05lkxlCw4ehR6f
Static task: static1
Behavioral task: behavioral1 (Sample: tmp.exe, Resource: win7-20230831-en)
Behavioral task: behavioral2 (Sample: tmp.exe, Resource: win10v2004-20230915-en)
Malware Config
Extracted
redline
wili3
94.156.6.176:8948
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.