General
-
Target
b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2
-
Size
556KB
-
Sample
230216-3mjzgacc5w
-
MD5
7afe2acdb885f28159c2c07fbd7af1c8
-
SHA1
a68da7b5389d48d560625d3092bbca20f123f89a
-
SHA256
b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2
-
SHA512
9e1e039d5c7e4596c715fe62e0abaaf75f9382ba635e02c570bf2769bb984b3db65ad080a409d9dd21d6a36c3b77a0748e896072ea980f6f616ccda9190d3320
-
SSDEEP
12288:vMr0y90Jg3zWxcQJAx450wHut91dthZUs0F5wDgXUK:ny+Au9WwHutt6s0FQo
Static task
static1
Behavioral task
behavioral1
Sample
b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2.exe
Resource
win10-20220812-en
Malware Config
Extracted
redline
dubka
193.233.20.13:4136
-
auth_value
e5a9421183a033f283b2f23139b471f0
Extracted
redline
ruma
193.233.20.13:4136
-
auth_value
647d00dfaba082a4a30f383bca5d1a2a
Targets
-
-
Target
b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2
-
Size
556KB
-
MD5
7afe2acdb885f28159c2c07fbd7af1c8
-
SHA1
a68da7b5389d48d560625d3092bbca20f123f89a
-
SHA256
b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2
-
SHA512
9e1e039d5c7e4596c715fe62e0abaaf75f9382ba635e02c570bf2769bb984b3db65ad080a409d9dd21d6a36c3b77a0748e896072ea980f6f616ccda9190d3320
-
SSDEEP
12288:vMr0y90Jg3zWxcQJAx450wHut91dthZUs0F5wDgXUK:ny+Au9WwHutt6s0FQo
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-