General
Target: 2560-40-0x00000000003E0000-0x00000000007B4000-memory.dmp
Size: 3.8MB
Sample: 240425-rkrqrabd9t
MD5: 2db2b64542a7e96615b9822596c74cd6
SHA1: 2fa97aac248ee0640468fb4254a98068c550a606
SHA256: b72557b5e39aec21646d676f7ce0f36fb5cc2cfd0582bf331a21b5592d63207b
SHA512: cbb6f2feead04d7b847596a0f31b1cbf38313641e03ac09f2642b31aef29298791152d0f4c0e55c7d0221fc49447de729f4cba798aae64443edec5823ea038f4
SSDEEP: 49152:90Cimpy4r05ox6QKTJIK5L0nWXML5TqdnjPtk08BaH8rNdkT1R:90bmAG0ozyICsGML5wjPtHIaH83kT1

Behavioral task
behavioral1
Sample: 2560-40-0x00000000003E0000-0x00000000007B4000-memory.exe
Resource: win7-20240221-en

Malware Config
Extracted
redline
bild1
193.233.132.169:37732
Targets
Target: 2560-40-0x00000000003E0000-0x00000000007B4000-memory.dmp
Size: 3.8MB
MD5: 2db2b64542a7e96615b9822596c74cd6
SHA1: 2fa97aac248ee0640468fb4254a98068c550a606
SHA256: b72557b5e39aec21646d676f7ce0f36fb5cc2cfd0582bf331a21b5592d63207b
SHA512: cbb6f2feead04d7b847596a0f31b1cbf38313641e03ac09f2642b31aef29298791152d0f4c0e55c7d0221fc49447de729f4cba798aae64443edec5823ea038f4
SSDEEP: 49152:90Cimpy4r05ox6QKTJIK5L0nWXML5TqdnjPtk08BaH8rNdkT1R:90bmAG0ozyICsGML5wjPtHIaH83kT1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.