General
Target: 80fdacf20dafe660e7ea195411ad2595860259cd140f93e1376d04932d9a9765
Size: 658KB
Sample: 230308-1td1pahd26
MD5: 8e4c66d81a454312a6411e4fff8c8567
SHA1: c91131f05e9a5722fc16c9bb180a0d2f73fb46d1
SHA256: 80fdacf20dafe660e7ea195411ad2595860259cd140f93e1376d04932d9a9765
SHA512: abb481e1d5a7cf169807a3a2cc28c125311e2fafa386adcd63870d59f99b42a92d67faa8be30a7ab4e76b98e034b3a3914694f716bbe29b5ea04688ae11ff2cc
SSDEEP: 12288:5LtVnUthEmzYlx1K98K6kjuv1fGESzVl75ZM+DvoP1ZId:5TUt0xo6L1a7LXDgt6d
Static task: static1
Behavioral task: behavioral1
Sample: 80fdacf20dafe660e7ea195411ad2595860259cd140f93e1376d04932d9a9765.exe
Resource: win10-20230220-en
Malware Config
Extracted
Family: redline
Botnet: garry
C2: 193.56.146.11:4173
auth_value: 210ba56bf751fefe327f26e00f0be5a9
Extracted
Family: amadey
Version: 3.68
C2: 193.56.146.218/images/IMG_489440/index.php
Targets
Target: 80fdacf20dafe660e7ea195411ad2595860259cd140f93e1376d04932d9a9765
Size: 658KB
MD5: 8e4c66d81a454312a6411e4fff8c8567
SHA1: c91131f05e9a5722fc16c9bb180a0d2f73fb46d1
SHA256: 80fdacf20dafe660e7ea195411ad2595860259cd140f93e1376d04932d9a9765
SHA512: abb481e1d5a7cf169807a3a2cc28c125311e2fafa386adcd63870d59f99b42a92d67faa8be30a7ab4e76b98e034b3a3914694f716bbe29b5ea04688ae11ff2cc
SSDEEP: 12288:5LtVnUthEmzYlx1K98K6kjuv1fGESzVl75ZM+DvoP1ZId:5TUt0xo6L1a7LXDgt6d
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.