General
- Target: file
- Size: 219KB
- Sample: 231117-tmng8aag52
- MD5: 5eea3c3e6eed0e15adffe67740046beb
- SHA1: a280848b1891466015cb065e354f49d5101468d8
- SHA256: 6edc4cf5a676d8592ad06a2fd42f1153b093e2a8d4e1bd13d8c0ad2ef88d51b5
- SHA512: 5d9255630c80bde682d3cfd642c882ae809d31d3a69022ef1cd9593a5d07b8a1ec2ea12e82bc8acd823f818259732ba1b0b20251e84b515ccc6893e1809d582e
- SSDEEP: 3072:G8R+sV7KNgczVC/TrP0JakjSlJjRSdm11S3weY2KSY:dR5V7KNgcJ+rP0TSlJ0g11SAbJ
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20231025-en

Malware Config
Extracted
- redline
- sq1
- 194.169.175.220:30615
Targets
- Target: file
- Size: 219KB
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.