General
Target: virussign.com_324cd2aa01131d3419364aef51cd95c2.vir
Size: 297KB
Sample: 240303-hteywaeh7y
MD5: 324cd2aa01131d3419364aef51cd95c2
SHA1: bf31fe4a25cd9a83d59c03f6718a54838385ec3a
SHA256: 53896a28c864d9849469b0d71efcb5ae0063f8b13c9bad6cfa040218b3de5a2d
SHA512: fea172b15721a761432b2e7db8919cd8ab8ae87c63e9a493864ccbc9a6f4d6bf793bd5bfa9eb26fe0ee075a1c8728383c5f672695a91cd84b67b0d845fccce11
SSDEEP: 3072:nqFFrqwIOGaHy9MGSwTc4klV4w5qv65TlacJTrcfHIicZqf7D34deqiOLCbBOyj:qBIOGu4kcw5hlVJTrqzcZqf7DInLC
Behavioral task: behavioral1
Sample: virussign.com_324cd2aa01131d3419364aef51cd95c2.exe
Resource: win7-20240221-en

Malware Config
Extracted family: redline
Botnet: SomeOne
C2: 67.203.7.148:2909
Targets
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.