General
-
Target
c5649d94f3ba40f2843bb4289b0bfa153af612eba3554ccae02b230357930047
-
Size
688KB
-
Sample
230309-lpv13sbg38
-
MD5
cdda74a6fe4827dba3774f4a1ba06174
-
SHA1
5734b6149a3a6eb46149e9aafd22a92c2dec7890
-
SHA256
c5649d94f3ba40f2843bb4289b0bfa153af612eba3554ccae02b230357930047
-
SHA512
486b021b483f276a7c462004d71aba3c34d739b32e6552bcdd0335ce412d14867ff2542a80282ef23646863eeb703fb179a502107461bd77bb3e7ef561ac3bf8
-
SSDEEP
12288:rMrPy90sydv0pkVpqjzuNyqtdK2++tYg0wiacdTyP8iDQ7ifavZM1C1304E+n:Qyls0pkVpM6y2b++tYgoayyPRDzlg0an
Static task
static1
Behavioral task
behavioral1
Sample
c5649d94f3ba40f2843bb4289b0bfa153af612eba3554ccae02b230357930047.exe
Resource
win10-20230220-en
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Extracted
redline
garry
193.56.146.11:4173
-
auth_value
210ba56bf751fefe327f26e00f0be5a9
Targets
-
-
Target
c5649d94f3ba40f2843bb4289b0bfa153af612eba3554ccae02b230357930047
-
Size
688KB
-
MD5
cdda74a6fe4827dba3774f4a1ba06174
-
SHA1
5734b6149a3a6eb46149e9aafd22a92c2dec7890
-
SHA256
c5649d94f3ba40f2843bb4289b0bfa153af612eba3554ccae02b230357930047
-
SHA512
486b021b483f276a7c462004d71aba3c34d739b32e6552bcdd0335ce412d14867ff2542a80282ef23646863eeb703fb179a502107461bd77bb3e7ef561ac3bf8
-
SSDEEP
12288:rMrPy90sydv0pkVpqjzuNyqtdK2++tYg0wiacdTyP8iDQ7ifavZM1C1304E+n:Qyls0pkVpM6y2b++tYgoayyPRDzlg0an
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-