General
-
Target
c947ed08b9dba50b0eeafa31828b7c58ef32357e517b9191d4b56e4e8c02d3d6
-
Size
43KB
-
Sample
240419-v4szpsbe7t
-
MD5
922b4259eea3223a3c441136fa9416fa
-
SHA1
f7e27eb9271c8e166ee0e638799fc2f7008abf61
-
SHA256
c947ed08b9dba50b0eeafa31828b7c58ef32357e517b9191d4b56e4e8c02d3d6
-
SHA512
593b11878b5a8ca4851e80ff2024be584f7c1aa1c95a78002e9f50ee7f73131da16a0683fadba2109abbb57a625faeeb30307c32e94607bbba43647693628851
-
SSDEEP
768:M//w4tEh9xYmcnMLP+SgiGiksW7WEfLh0G2t6RlE0MIAwBtwHSQ1D/aE:dh9xYmcneP+8p1EfLh09tIEBI6Hrt/9
Behavioral task
behavioral1
Sample
8e28a0090832a76cf71c417cb1bf7990b9af86be258b732117a47f624387083c.exe
Resource
win7-20240215-en
Malware Config
Extracted
redline
tg
163.5.112.53:51523
Targets
-
-
Target
8e28a0090832a76cf71c417cb1bf7990b9af86be258b732117a47f624387083c.exe
-
Size
95KB
-
MD5
184ac479b3a878e9ac5535770ca34a2b
-
SHA1
1f99039911cc2cfd1a62ce348429ddd0f4435a60
-
SHA256
8e28a0090832a76cf71c417cb1bf7990b9af86be258b732117a47f624387083c
-
SHA512
e0f5185ae890b902ea5325066df23959106712e7990e120a1b9752bbd0331cac968af5ddd6092f75a1c576d4c83f4093dfbf53a2c90870d1c02b31a0e8282bb4
-
SSDEEP
1536:1qs+lqWWlbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed2HteulgS6pg:zCReY/+zi0ZbYe1g0ujyzdDg
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-