General
- Target: 84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
- Size: 437KB
- Sample: 230224-ky2dsaag53
- MD5: ef9a635b1d79569382d19ef3f0791eaf
- SHA1: 78544e5aa52e1abb9688d09d67704a0e9b9a42ac
- SHA256: 84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
- SHA512: 8982eeca3498a2225a452b9c1eaaa04069dd5080798849de5e44ede3001a16f886a04901f892c527c13b62842f0b88636110832e93a410f8bf7ffbbac52142ed
- SSDEEP: 12288:aMrFy90jXcQk3o8HSfpzV+/Hu6Ky6GusYD3:/y4mbSfpZ+/u6KVGusYD3
Static task: static1
Behavioral task: behavioral1
- Sample: 84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8.exe
- Resource: win10v2004-20230221-en
Malware Config
Extracted
- Family: redline
- Botnet: ronur
- C2: 193.233.20.20:4134
- auth_value: f88f86755a528d4b25f6f3628c460965
Extracted
- Family: redline
- Botnet: funka
- C2: 193.233.20.20:4134
- auth_value: cdb395608d7ec633dce3d2f0c7fb0741
Targets
- Target: 84e18369c1c539d4ba47688d978060475b106c4bfcf0b15010c6a2c6fed8cfc8
- Size: 437KB
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.