General
- Target: caca5267659211af88a6275878cccb112910add9331f4744e86d3326a5c23d36
- Size: 864KB
- Sample: 230315-snzq7sga4z
- MD5: 06f2b80365c6575df3ff319592fb8251
- SHA1: 8b5f356507c9ce0813550f6c79ae306ed2b18741
- SHA256: caca5267659211af88a6275878cccb112910add9331f4744e86d3326a5c23d36
- SHA512: 0069347941ca1b7f82fbb310d0303e97bfcebe3e012e1447ab16a536d845cdd00745e0b4b34f7185e3336396446c1646d71729a85eae5f852ee291133eb35097
- SSDEEP: 12288:sMrGy90xaWyXNZpmxihUQoSEBkXhy50y6JMs65NEZSN5HvQy70e7BL:KylPp6Pkhk2N65NEZm5o40QJ
Static task: static1
Behavioral task: behavioral1
Sample: caca5267659211af88a6275878cccb112910add9331f4744e86d3326a5c23d36.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: redline
mango
193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23
Extracted: redline
sito
193.233.20.28:4125
- auth_value: 030f94d8e396dbe51ce339b815cdad17
Targets
- Target: caca5267659211af88a6275878cccb112910add9331f4744e86d3326a5c23d36
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.