General
Target: 3ad1339dace3a7dc466e30b71ad5cad2.bin
Size: 115KB
Sample: 240408-bh58cscb6x
MD5: d6eecc56f5adfe8f1697018d62e6c140
SHA1: c5b0e1a192ee73a23aa572a9dfeea0ad494e9460
SHA256: 2abbb8f47539250d5756e62ae2a85ebb1ec3e4278beaae3f5ff21b34f11d2f18
SHA512: 8b92bd8c097417120cf0aab87b1e8a09300317c395ce0163a624aa16311d1112166e5c101fcabc4d5f026676e5835107dd5e07e1fdda97d571252e55bc1dec74
SSDEEP: 3072:rovGP3L7wl8eMIizZpRUqw2XbBzZ59Ni/Tmj3j7GU4H6aPXk:rovGPwl8eZafRSynwar+1H6aP0
Behavioral task: behavioral1
Sample: 2465316c17ecf1dbe8e8ee2c6acded1a83ecc2777c017ea3c92d3e0a99a46147.exe
Resource: win7-20240221-en

Malware Config
Extracted: redline
testnew
185.215.113.67:26260
Targets
Target: 2465316c17ecf1dbe8e8ee2c6acded1a83ecc2777c017ea3c92d3e0a99a46147.exe
Size: 304KB
MD5: 3ad1339dace3a7dc466e30b71ad5cad2
SHA1: 7f7212a80c3d851bcf79232a7c7670c0fb79238b
SHA256: 2465316c17ecf1dbe8e8ee2c6acded1a83ecc2777c017ea3c92d3e0a99a46147
SHA512: c0715c320741e86bfe3490a3d5f85f07f933ba84902166a28a83b18bfc8a7564d8b7d98f09eed8184bc846f4627864e9ebbe95e7265b8912a6c977aca4c757bb
SSDEEP: 3072:Iq6EgY6iQrUjGk14lwPK/logLHejZBTAUtA7i95BcZqf7D34VeqiOLibBOh:bqY6iwwPUpSZBTAwA85BcZqf7DI/L

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.