General
Target: 37a7749ce16c9fa4d4c41c0827940df8bd576a5e758f913fcb0d24cdb35f3a9d
Size: 553KB
Sample: 230309-lyck4abg67
MD5: 84ad1121f352fc105d02ad138a64f48b
SHA1: 1618a0aabc38b8001a526def9c3c495119129cc4
SHA256: 37a7749ce16c9fa4d4c41c0827940df8bd576a5e758f913fcb0d24cdb35f3a9d
SHA512: a4fae306ec9cc09f6063dd752a9ac843abd7b2d543c2e2f5b8189c2f9ed7174f9c166fb15f554d4c833afd17496cb43640a032447c13750ceff6ecf2bb5d9817
SSDEEP: 12288:iMr9y90eEXMnkbHnDlpcRNcib0rig/vuPFb32OEoLIe:HyncIOHnDlpMNc9ksOPN

Static task: static1
Behavioral task: behavioral1
Sample: 37a7749ce16c9fa4d4c41c0827940df8bd576a5e758f913fcb0d24cdb35f3a9d.exe
Resource: win10-20230220-en

Malware Config
Extracted: redline
- mango
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
- garry
- 193.56.146.11:4173
- auth_value: 210ba56bf751fefe327f26e00f0be5a9
Targets
Target: 37a7749ce16c9fa4d4c41c0827940df8bd576a5e758f913fcb0d24cdb35f3a9d
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.