General
-
Target
a374ec734357b164c320df75d8833836c407d5595d92662f0a915e474e1b8b80
-
Size
570KB
-
Sample
230308-nr36ksgb23
-
MD5
429f0d25862ea601b740a34585ce7b01
-
SHA1
b428f04f9b75171671edd8e67e9acbdf65b08f18
-
SHA256
a374ec734357b164c320df75d8833836c407d5595d92662f0a915e474e1b8b80
-
SHA512
53701a2562d8c3d0d7cfbcd8ce984ad497f3cdc2b0691d06de705672c6327662a74b01c961c6ea133158bc28004985c35dab1f11ad5a5e21d2b4ff0fd9540fee
-
SSDEEP
12288:mMrZy90nahimz7AuxqV2KnxfUEQBOMel19QdS2QPeYM:vyKsVAuxYfnq7UMgsdSzPU
Static task
static1
Behavioral task
behavioral1
Sample
a374ec734357b164c320df75d8833836c407d5595d92662f0a915e474e1b8b80.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
fud
193.233.20.27:4123
-
auth_value
cddc991efd6918ad5321d80dac884b40
Targets
-
-
Target
a374ec734357b164c320df75d8833836c407d5595d92662f0a915e474e1b8b80
-
Size
570KB
-
MD5
429f0d25862ea601b740a34585ce7b01
-
SHA1
b428f04f9b75171671edd8e67e9acbdf65b08f18
-
SHA256
a374ec734357b164c320df75d8833836c407d5595d92662f0a915e474e1b8b80
-
SHA512
53701a2562d8c3d0d7cfbcd8ce984ad497f3cdc2b0691d06de705672c6327662a74b01c961c6ea133158bc28004985c35dab1f11ad5a5e21d2b4ff0fd9540fee
-
SSDEEP
12288:mMrZy90nahimz7AuxqV2KnxfUEQBOMel19QdS2QPeYM:vyKsVAuxYfnq7UMgsdSzPU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-