General
-
Target
d59c6b2d969059ddcf82e0cc42e58719f226d10814e7a7201b85bd9b8eef2a7a
-
Size
553KB
-
Sample
230309-ljcbsaaf5x
-
MD5
a865bdc1fe8fe6bd08bb0227ee3a43da
-
SHA1
559d3fd6e11d26562ebfdbd87436a749c02e4788
-
SHA256
d59c6b2d969059ddcf82e0cc42e58719f226d10814e7a7201b85bd9b8eef2a7a
-
SHA512
b1671f61466c0925770ff023d462932f6b7ec4b56673fb6186902aad7ad6fec0481c3d23927729954b64d2cbf89b8a790ac4c9a7def38367663c70512758e61c
-
SSDEEP
12288:2Mroy90yzLVlhKOTB0nig/vuRFb32OEo7IbhL:myZVWNEsOPoL
Static task
static1
Behavioral task
behavioral1
Sample
d59c6b2d969059ddcf82e0cc42e58719f226d10814e7a7201b85bd9b8eef2a7a.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
garry
193.56.146.11:4173
-
auth_value
210ba56bf751fefe327f26e00f0be5a9
Targets
-
-
Target
d59c6b2d969059ddcf82e0cc42e58719f226d10814e7a7201b85bd9b8eef2a7a
-
Size
553KB
-
MD5
a865bdc1fe8fe6bd08bb0227ee3a43da
-
SHA1
559d3fd6e11d26562ebfdbd87436a749c02e4788
-
SHA256
d59c6b2d969059ddcf82e0cc42e58719f226d10814e7a7201b85bd9b8eef2a7a
-
SHA512
b1671f61466c0925770ff023d462932f6b7ec4b56673fb6186902aad7ad6fec0481c3d23927729954b64d2cbf89b8a790ac4c9a7def38367663c70512758e61c
-
SSDEEP
12288:2Mroy90yzLVlhKOTB0nig/vuRFb32OEo7IbhL:myZVWNEsOPoL
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-