General
Target: SomeOne.exe
Size: 297KB
Sample: 240226-1d8kcsge54
MD5: 336a39a3965dba11c37cb930c36a9d34
SHA1: 36a66cd92beccb3c1433d6618da4b9aec4d5ae85
SHA256: 11283eacf56982ad438e1060d9f11763c365f8ffedcf8e17f798b051f1a394db
SHA512: 6f146427200216a012fb143cb4415b98023e88da54776a24c14cd13b229d754d8710fd52a32edfe32ef3bcfd72af0349bc1e665f750241e613fadcd3ac95e336
SSDEEP: 3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOy:qBIOGu4kcw5hlVJTrqzcZqf7DInL
Behavioral task
behavioral1
Sample: SomeOne.exe
Resource: win7-20240221-en
Malware Config
Extracted
Family: redline
Botnet: SomeOne
C2: 67.203.7.148:2909
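As an added example (not part of the sandbox report and not code from the sample), the following Python turns the report's indicators into two checks a responder can run: hashing a file to decide whether it is this sample, and scanning connection log lines for contact with the extracted C2 67.203.7.148:2909. The log line format and the log lines are constructed for the example; the split between an exact ip:port hit and an IP-only hit is a design choice, since the C2 port is operator-configured and a different port on the same host still deserves a look.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "336a39a3965dba11c37cb930c36a9d34",
    "sha1": "36a66cd92beccb3c1433d6618da4b9aec4d5ae85",
    "sha256": "11283eacf56982ad438e1060d9f11763c365f8ffedcf8e17f798b051f1a394db",
}
C2_HOST = "67.203.7.148"
C2_PORT = 2909


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 hex digests of a file's contents."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if all three digests match the report, so a crafted MD5
    collision alone cannot produce a false match."""
    return hash_bytes(data) == SAMPLE_HASHES


# Constructed log format (assumed, not a real product's): one connection per
# line, destination written as dst=<ip>:<port>.
DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def classify_line(line: str):
    """'exact' when ip:port equals the C2, 'ip-only' when only the IP matches
    (the port is chosen by the operator, so this is still worth review),
    None when the line does not reach the C2 host."""
    m = DST_RE.search(line)
    if not m:
        return None
    ip, port = m.group(1), int(m.group(2))
    if ip != C2_HOST:
        return None
    return "exact" if port == C2_PORT else "ip-only"


def find_c2_contacts(lines):
    """Return [(confidence, line)] for every line that reaches the C2 host."""
    hits = []
    for line in lines:
        verdict = classify_line(line)
        if verdict:
            hits.append((verdict, line))
    return hits


# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = [
    "2024-02-26T10:01:02Z host=WS01 proc=SomeOne.exe src=10.0.0.5:51012 dst=67.203.7.148:2909 proto=tcp",
    "2024-02-26T10:01:03Z host=WS01 proc=chrome.exe src=10.0.0.5:51013 dst=142.250.72.14:443 proto=tcp",
    "2024-02-26T10:04:41Z host=WS02 proc=svchost.exe src=10.0.0.7:49800 dst=67.203.7.148:443 proto=tcp",
]

if __name__ == "__main__":
    for verdict, line in find_c2_contacts(SAMPLE_LOG):
        print(f"[{verdict}] {line}")
    print("is reported sample:", is_reported_sample(b"not the sample"))
```

Against the constructed lines the first is an exact hit and the third an IP-only hit; the second is ignored. Feed `is_reported_sample` the bytes of a quarantined file to confirm it is this sample rather than a repacked sibling with a different hash.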
Targets
Target: SomeOne.exe (the same sample as in General)
Size: 297KB
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
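To make the last signature concrete, here is an added Python example (not code from the report or from the sample) showing where Windows keeps the installed-software entries such a lookup reads, and how a detection could spot one process sweeping them. The registry-read event format is hypothetical, standing in for whatever an EDR or registry-access audit emits; the event lines are constructed, and the threshold of five distinct product subkeys is an assumption to tune against your own baseline.

```python
import re
from collections import defaultdict

# Per-machine and per-user locations Windows uses for installed-software
# entries (Add/Remove Programs reads the same keys); on 64-bit hosts 32-bit
# installs live under WOW6432Node. An inventory sweep touches many subkeys here.
UNINSTALL_ROOTS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Hypothetical registry-read event line (assumed format, not a real product's):
#   <timestamp> pid=<n> image=<path without spaces> op=<api> value=<name> key=<registry path>
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op=(?P<op>\S+) "
    r"value=(?P<value>\S+) key=(?P<key>.+)$"
)


def parse_event(line: str):
    """Dict of fields for a well-formed event line, None otherwise."""
    m = EVENT_RE.match(line)
    return m.groupdict() if m else None


def uninstall_product(key: str):
    """Product subkey name if key lies under an Uninstall root, else None.
    Comparison is case-insensitive because registry paths are."""
    lowered = key.lower()
    for root in UNINSTALL_ROOTS:
        prefix = root.lower() + "\\"
        if lowered.startswith(prefix):
            return key[len(prefix):].split("\\")[0]
    return None


def find_software_enumeration(lines, min_products=5):
    """Group reads by (pid, image) and flag processes that touched at least
    min_products distinct product subkeys. Returns {(pid, image): [names]}."""
    products = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        name = uninstall_product(ev["key"])
        if name:
            products[(ev["pid"], ev["image"])].add(name)
    return {proc: sorted(names) for proc, names in products.items()
            if len(names) >= min_products}


# Constructed events: the sample walks six product subkeys in a burst,
# explorer.exe reads a single one, and one read outside Uninstall is ignored.
ROOT = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
WOW = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
IMG = r"C:\Users\user\Desktop\SomeOne.exe"


def _event(pid, image, key, value="DisplayName"):
    return f"2024-02-26T10:01:05Z pid={pid} image={image} op=RegQueryValue value={value} key={key}"


SAMPLE_EVENTS = [
    _event(4120, IMG, ROOT + r"\Google Chrome"),
    _event(4120, IMG, ROOT + r"\7-Zip"),
    _event(4120, IMG, ROOT + r"\Mozilla Firefox 123.0 (x64 en-US)"),
    _event(4120, IMG, ROOT + r"\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}"),
    _event(4120, IMG, WOW + r"\Notepad++"),
    _event(4120, IMG, WOW + r"\VLC media player"),
    _event(1932, r"C:\Windows\explorer.exe", ROOT + r"\Google Chrome"),
    _event(4120, IMG, r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", value="ProductName"),
]

if __name__ == "__main__":
    for (pid, image), names in find_software_enumeration(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image} enumerated {len(names)} products: {', '.join(names)}")
```

Only the sample's process crosses the threshold on the constructed data; explorer.exe, with one read, does not. In production the grouping key would also carry a time window, and installers, inventory agents and Add/Remove Programs itself need an allowlist, otherwise they will trip the same rule.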