General
-
Target
4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.zip
-
Size
253KB
-
Sample
230308-ndrkmafc6w
-
MD5
e4b21da8de91d9c75cd405dd745b7d8e
-
SHA1
bcc503bc6014edda8f0ade5601aa291a3f027997
-
SHA256
0463d7c695a2f812992eacbd3e29843a0f4a49a0f664606cd9dc11bac67148e8
-
SHA512
aaf7a778c273150eee1fea74cd968b2d8c3d8d862142dae86e3c57fb863a1e8ebcd0d5ee55a06fea01aa4902d9d3a02466aef97da9146e130953d6e2a62a7f0f
-
SSDEEP
6144:I0h5J9cUQStwwECS+i0bSEtlVV+yDG5jwaTx9:PZtREf+POglfDiwaTx9
Static task
static1
Behavioral task
behavioral1
Sample
4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.exe
Resource
win7-20230220-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5.exe
-
Size
361KB
-
MD5
a413967d29faa8bfe4a16a4559cb31c0
-
SHA1
73e5da45efb8fd5d49bafce6dee1dd821cdb8988
-
SHA256
4b920eec3febd1c102d5be425b80053c5a56d582e0a16c24b12cb5dd42d80eb5
-
SHA512
74ac0edf2c551b28dde2f97978cb8904040365939e4e6eb45da0408d5b3d333705d103954a71c44221867a9919d899448013316852e5b795e8b6f28a6e25850e
-
SSDEEP
6144:FLPm5PKqhKsktou8kTRjK12KUl9fNGEXjzgU0onQCf4eZ:FLmtJGXTaqlFNfvgUJ5/Z
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-