General
-
Target
0x0031000000018646-229.dat
-
Size
219KB
-
Sample
231220-fnjnrsfhh3
-
MD5
8848e20af2e0f3f29485bd63ee16c877
-
SHA1
92ce474025880e415dcb27872a102278dba2eae1
-
SHA256
2b64b92de448dec9aab199f9f78eac04bed5f84b9b0c9bdb933a21dc62f42cb6
-
SHA512
952c49e94df7fc0048e40f512dc348e3a0fa24fe64119414e00d9be2b918daaa603ddaed23e3cae14e72f4daf9a20f2b0b2494f441e0537b6840552170c5d4a6
-
SSDEEP
3072:pJIvYu5kw7hNgcqEMplervjpLpTRwGRRSdUH1SC3ebekKSP:Nzw7hNgcldrvjpsGR0CH1Sk8ev
Behavioral task
behavioral1
Sample
0x0031000000018646-229.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0x0031000000018646-229.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
Family
redline
Botnet
@ytlogsbot
C2
176.123.7.190:32927
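The extracted configuration above gives an analyst two immediately usable indicators: the C2 endpoint (IP and port) and the sample hashes. The script below is an added example, not part of the report or of any sandbox tooling, showing how those indicators are turned into a retro-hunt over connection logs and a file-hash check. The log lines are constructed for the example in a Zeek conn.log-like tab-separated layout (ts, uid, src, sport, dst, dport, proto); the hit-reason strings and the `Hit` record are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass

# Indicators taken from the sandbox report above.
C2_ENDPOINT = "176.123.7.190:32927"
SAMPLE_SHA256 = "2b64b92de448dec9aab199f9f78eac04bed5f84b9b0c9bdb933a21dc62f42cb6"

# Constructed log excerpt for this example (tab-separated, Zeek conn.log style):
# ts, uid, src, sport, dst, dport, proto. Not real traffic from the report.
SAMPLE_CONN_LOG = """\
1703076001.101\tCk1\t10.0.0.15\t51342\t176.123.7.190\t32927\ttcp
1703076002.220\tCk2\t10.0.0.15\t51343\t142.250.74.78\t443\ttcp
1703076003.330\tCk3\t10.0.0.22\t51900\t176.123.7.190\t443\ttcp
1703076004.440\tCk4\t10.0.0.31\t51901\t176.123.7.190\t32927\ttcp
"""


@dataclass(frozen=True)
class Hit:
    """One matching connection and why it matched (record shape is this example's own)."""
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split the 'ip:port' string from the extracted config into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def match_conn_log(log_text: str, endpoint: str = C2_ENDPOINT) -> list[Hit]:
    """Return every connection whose destination is the RedLine C2.

    An exact ip+port match is the strong signal. A match on the C2 IP alone
    is still reported (with a weaker reason) because stealer operators often
    move the listener port while keeping the same host.
    """
    c2_host, c2_port = parse_c2(endpoint)
    hits: list[Hit] = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines
        fields = line.split("\t")
        if len(fields) < 7:
            continue  # malformed record; do not let it abort the hunt
        ts, _uid, src, _sport, dst, dport, _proto = fields[:7]
        port = int(dport)
        if dst == c2_host and port == c2_port:
            hits.append(Hit(ts, src, dst, port, "c2 ip+port"))
        elif dst == c2_host:
            hits.append(Hit(ts, src, dst, port, "c2 ip, other port"))
    return hits


def sha256_matches(data: bytes, expected: str = SAMPLE_SHA256) -> bool:
    """True if the bytes hash to the sample's SHA256 (case-insensitive compare)."""
    return hashlib.sha256(data).hexdigest() == expected.lower()


if __name__ == "__main__":
    for hit in match_conn_log(SAMPLE_CONN_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport} [{hit.reason}]")
```

Treat an IP-only match as a lead to triage rather than a verdict: a C2 address can be reassigned after the campaign ends, so check the date range of the matching connections against the sample date in this report before escalating.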
Targets
-
-
Target
0x0031000000018646-229.dat
-
RedLine
RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. It collects browser credentials and cookies, cryptocurrency wallet files and system information and sends them to an operator-controlled C2 such as the one extracted above.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate installed software. On Windows these live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node counterpart on 64-bit systems), so the read is indistinguishable from what installers and inventory tools do. Sysmon records registry value sets, key creation and renames but not reads, so this behaviour is a weak indicator on its own and is best used to corroborate the C2 and wallet-access signatures above.
-