General
Target: 2916-1-0x00000000011E0000-0x00000000015B4000-memory.dmp
Size: 3.8MB
Sample: 240402-e2589age3z
MD5: 311e69799fb7f007b1c84b374eda9462
SHA1: 65d1c00604a157caf8421cf166897fcd14f23844
SHA256: 0c46132bbe94afd5660fec76d220ff38ee31756358e01d841343738f02d48588
SHA512: b8e0e656fa8ad9e369818b9831763a4584002a2084c8af0a9f31982b47071f6f3f8eba83acc6e836214d83fa9d7ee7576736c2b6c8ee1bcbc5e6de59e2a3d272
SSDEEP: 49152:NKiG/CGD8k20pjpJETSIR5iEx2hdjoR9tXeCog0Uwb5cZ3jVe5:Ng/h8k2IjDI6q5eCk/iZRG
Behavioral task
behavioral1
Sample: 2916-1-0x00000000011E0000-0x00000000015B4000-memory.exe
Resource: win7-20240319-en
Malware Config
Extracted
Family: redline
Botnet: 1
C2: 77.221.156.45:18734
Targets
Target: 2916-1-0x00000000011E0000-0x00000000015B4000-memory.dmp
Size: 3.8MB
MD5: 311e69799fb7f007b1c84b374eda9462
SHA1: 65d1c00604a157caf8421cf166897fcd14f23844
SHA256: 0c46132bbe94afd5660fec76d220ff38ee31756358e01d841343738f02d48588
SHA512: b8e0e656fa8ad9e369818b9831763a4584002a2084c8af0a9f31982b47071f6f3f8eba83acc6e836214d83fa9d7ee7576736c2b6c8ee1bcbc5e6de59e2a3d272
SSDEEP: 49152:NKiG/CGD8k20pjpJETSIR5iEx2hdjoR9tXeCog0Uwb5cZ3jVe5:Ng/h8k2IjDI6q5eCk/iZRG
Signatures
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.