General

Target: b9a454134800fa00c2aec28bb11f7ae5219139db83e51f1da810df039e026bc5
Size: 386KB
Sample: 230308-nfa1nafd3z
MD5: 3d42a931627cdec7a43fe2c75bc878b1
SHA1: 8f0aad8051c96079224b084373a2023a15f0dc4d
SHA256: b9a454134800fa00c2aec28bb11f7ae5219139db83e51f1da810df039e026bc5
SHA512: 04b20188cacafec1ab5983e2799a4a1e00a4f3976baabee49418e0323910fac503c4fdbb70041461ac0a49470ca3d25f69bc9559831e6dd10d8e53e146635fbd
SSDEEP: 6144:KWy+bnr+mp0yN90QE/NLLp6BCQLf2W5zWL4kxZbxDbmqmTlo9:OMray90hNLLpcCQLOMWlx5x3Elo9
Static task: static1
Behavioral task: behavioral1
Sample: b9a454134800fa00c2aec28bb11f7ae5219139db83e51f1da810df039e026bc5.exe
Resource: win10v2004-20230220-en
Malware Config

Extracted
Family: redline
Botnet: fud
C2: 193.233.20.27:4123
Attributes
auth_value: cddc991efd6918ad5321d80dac884b40
Targets

Target: b9a454134800fa00c2aec28bb11f7ae5219139db83e51f1da810df039e026bc5
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
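The behaviours and indicators above turned into detection logic and run over constructed telemetry. This is an added example written for this page, not code from the Triage report or from RedLine. Only the SHA256 and the C2 endpoint come from the report; the JSON-lines event schema, the event names, the file paths, the pids and the enumeration threshold of five Uninstall subkey opens are all assumptions made for illustration. One caveat a defender should keep in mind: Sysmon records process creation (event 1), network connections (3) and registry value writes (13), but not registry reads, so the Uninstall-key enumeration the sandbox saw will only show up on a live host through a registry SACL with Security event 4663 or an EDR API trace.

```python
"""Detection logic for the behaviours in the report above, run over constructed telemetry.

Added example for this page; not code from the Triage report or from RedLine.
Report-derived values: SAMPLE_SHA256 and the C2 endpoint. Everything else (the
JSON-lines schema, event names, paths, pids, the enumeration threshold) is an
assumption made for illustration.
"""
import json
import re
from collections import Counter

# Indicators taken from the report.
SAMPLE_SHA256 = "b9a454134800fa00c2aec28bb11f7ae5219139db83e51f1da810df039e026bc5"
C2_HOST, C2_PORT = "193.233.20.27", 4123

# Registry paths behind "Adds Run key" and "Checks installed software" (hive-agnostic).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Locations an unprivileged user can write to; a Run entry pointing here is the
# usual stealer pattern, while installers register binaries under Program Files.
USER_WRITABLE_RE = re.compile(
    r"^(C:\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|C:\\Windows\\Temp\\|%(APPDATA|LOCALAPPDATA|TEMP)%)", re.I)

MAL = "C:\\Users\\victim\\Downloads\\invoice.exe"      # constructed path, not from the report
BENIGN = "C:\\Program Files\\Vendor\\setup.exe"         # constructed path, not from the report
UNINSTALL = "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"


def _rec(**fields):
    return json.dumps(fields)


# Constructed telemetry: one JSON object per line. Process 4120 reproduces the
# report's behaviours; process 980 is an installer producing look-alike noise.
SAMPLE_LOG = "\n".join(
    [_rec(pid=4120, event="process_create", image=MAL, sha256=SAMPLE_SHA256),
     _rec(pid=4120, event="net_connect", image=MAL, dst_ip=C2_HOST, dst_port=C2_PORT),
     _rec(pid=4120, event="reg_set_value", image=MAL,
          key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
          data="C:\\Users\\victim\\AppData\\Roaming\\updater.exe")]
    + [_rec(pid=4120, event="reg_open_key", image=MAL, key=UNINSTALL + "{APP-%d}" % i)
       for i in range(8)]
    + [_rec(pid=980, event="reg_set_value", image=BENIGN,
            key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent",
            data="C:\\Program Files\\Vendor\\agent.exe"),
       _rec(pid=980, event="reg_open_key", image=BENIGN, key=UNINSTALL + "{VENDOR}"),
       _rec(pid=980, event="net_connect", image=BENIGN, dst_ip="203.0.113.10", dst_port=443)]
)


def triage(jsonl, enum_threshold=5):
    """Return one alert dict per matched behaviour, in the order they are detected.

    Single-event rules fire inline; Uninstall-key opens are counted per pid and
    only reported once a process reaches enum_threshold, since a single open is
    normal for installers and inventory agents.
    """
    alerts, uninstall_opens = [], Counter()
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        pid, kind = ev["pid"], ev["event"]
        if kind == "process_create" and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            alerts.append({"rule": "known_redline_sample", "pid": pid, "detail": ev["image"]})
        elif kind == "net_connect" and ev.get("dst_ip") == C2_HOST:
            # Match on host; a different port on the same C2 host is still worth an alert.
            alerts.append({"rule": "redline_c2_connection", "pid": pid,
                           "detail": "%s:%s" % (ev["dst_ip"], ev.get("dst_port"))})
        elif kind == "reg_set_value" and RUN_KEY_RE.search(ev.get("key", "")):
            if USER_WRITABLE_RE.search(ev.get("data", "")):
                alerts.append({"rule": "run_key_user_writable_target", "pid": pid,
                               "detail": "%s -> %s" % (ev["key"], ev["data"])})
        elif kind == "reg_open_key" and UNINSTALL_KEY_RE.search(ev.get("key", "")):
            uninstall_opens[pid] += 1
    for pid, n in uninstall_opens.items():
        if n >= enum_threshold:
            alerts.append({"rule": "installed_software_enumeration", "pid": pid,
                           "detail": "%d Uninstall subkeys opened" % n})
    return alerts


if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print("%-32s pid=%-5s %s" % (a["rule"], a["pid"], a["detail"]))
```

Running the block prints four alerts, all for pid 4120; the installer in pid 980 writes a Run value and touches an Uninstall subkey but produces nothing, because its Run target lives under Program Files and its single Uninstall open stays below the threshold. The auth_value from the config is deliberately not used as a network signature here: it only appears inside the bot's traffic, so matching it needs payload inspection rather than connection metadata.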