General
-
Target
build.exe
-
Size
300KB
-
Sample
241208-rdta1avrgy
-
MD5
dfefdd2e554fd23f3b87f68c3e0f9622
-
SHA1
8be107d3c7e0aba6346ccdac289e29e3a8127af2
-
SHA256
f47c2bb84ce619d0d69445b0a1dce760482f2dd508815ba2667bab5c3a3541e9
-
SHA512
8f11525da059c6aa655d5ad2c41f89ce535ebb7a2bd4d7ce197c2ea244f28947e2338b1f97378130179490e49fd73402ee3dcdc507901f48b41ce9acf79ca182
-
SSDEEP
3072:OcZqf7D34bp/0+mA6ky4mEQog8JB1fA0PuTVAtkxzr3RgeqiOL2bBOA:OcZqf7DIFnGfsB1fA0GTV8kZgL
Behavioral task
behavioral1
Sample
build.exe
Resource
win7-20240903-en
Malware Config
Extracted
redline
l3monlogs
78.70.235.238:1912
Targets
-
-
Target
build.exe
-
Size
300KB
-
MD5
dfefdd2e554fd23f3b87f68c3e0f9622
-
SHA1
8be107d3c7e0aba6346ccdac289e29e3a8127af2
-
SHA256
f47c2bb84ce619d0d69445b0a1dce760482f2dd508815ba2667bab5c3a3541e9
-
SHA512
8f11525da059c6aa655d5ad2c41f89ce535ebb7a2bd4d7ce197c2ea244f28947e2338b1f97378130179490e49fd73402ee3dcdc507901f48b41ce9acf79ca182
-
SSDEEP
3072:OcZqf7D34bp/0+mA6ky4mEQog8JB1fA0PuTVAtkxzr3RgeqiOL2bBOA:OcZqf7DIFnGfsB1fA0GTV8kZgL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-