General
Target: f5de4e2cc351fa3dc15ef8ddf2c0e5e3a29b4ab806fa09fc1def103c7ab97677
Size: 850KB
Sample: 230319-cd4dmsge5w
MD5: d826665fdb211ae135ade15bafc762d6
SHA1: 7cd87faddb86fd3b6499f85f736f9108141c38ec
SHA256: f5de4e2cc351fa3dc15ef8ddf2c0e5e3a29b4ab806fa09fc1def103c7ab97677
SHA512: 60cf5508851a665132aa990550c77a62e39aaab12df7edfdf7510deacaa695e22c2a1e2b22d9656d46e81a6178017bcbde5ec8dbc3af778becc5eb0030dc4664
SSDEEP: 24576:oyC0clZyzZ5rn3QhXxEgMqdTm3HgtWJmP:vC0SyzPrnAjETqdgHgE
Static task: static1
Behavioral task: behavioral1
Sample: f5de4e2cc351fa3dc15ef8ddf2c0e5e3a29b4ab806fa09fc1def103c7ab97677.exe
Resource: win10v2004-20230220-en
Malware Config
Extracted: redline
Botnet: gena
C2: 193.233.20.30:4125
auth_value: 93c20961cb6b06b2d5781c212db6201e
Extracted: redline
Botnet: ruka
C2: 193.233.20.28:4125
auth_value: 5d1d0e51ebe1e3f16cca573ff651c43c
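The two extracted configurations above are the most actionable part of the report: two C2 endpoints on the same port and a per-build auth_value for each. The following script is an added example, not code from the sandbox report or from any RedLine tooling. It parses the flattened "Extracted / redline / botnet / ip:port / auth_value / hex" layout exactly as it appears on this page, refuses anything that is not an IP:port followed by a 32-character hex auth_value, emits one Suricata rule per C2 (the SID range starting at 9000001 is an assumed local-rules range), and verifies a file's MD5/SHA1/SHA256 against the report's digests. SSDEEP is left out because comparing it needs the native ssdeep library.

```python
"""Turn the extracted RedLine configuration into checkable indicators.

Added example; not part of the sandbox report. The parser only understands the
flattened key-less layout shown on the page, and the Suricata SID base is an
assumed local range.
"""
import hashlib
import ipaddress
import re
from dataclasses import dataclass

# Constructed input: the two "Extracted" blocks copied verbatim from the report.
CONFIG_TEXT = """\
Extracted
redline
gena
193.233.20.30:4125
-
auth_value
93c20961cb6b06b2d5781c212db6201e
Extracted
redline
ruka
193.233.20.28:4125
-
auth_value
5d1d0e51ebe1e3f16cca573ff651c43c
"""

# Digests taken from the report's General section.
REPORT_HASHES = {
    "md5": "d826665fdb211ae135ade15bafc762d6",
    "sha1": "7cd87faddb86fd3b6499f85f736f9108141c38ec",
    "sha256": "f5de4e2cc351fa3dc15ef8ddf2c0e5e3a29b4ab806fa09fc1def103c7ab97677",
}


@dataclass(frozen=True)
class RedLineC2:
    family: str
    botnet: str
    host: str
    port: int
    auth_value: str


def parse_config(text: str) -> list:
    """Parse every 'Extracted' block into a RedLineC2.

    Strict on purpose: a non-IP host, a bad port or a malformed auth_value
    raises instead of silently producing a useless rule.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]  # drop bullet residue
    c2s = []
    i = 0
    while i < len(lines):
        if lines[i] != "Extracted":
            i += 1
            continue
        try:
            family, botnet, endpoint, key, auth = lines[i + 1:i + 6]
        except ValueError:
            raise ValueError("truncated Extracted block") from None
        host, _, port = endpoint.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a non-IP host
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"port out of range for {botnet}: {port}")
        if key != "auth_value" or not re.fullmatch(r"[0-9a-f]{32}", auth):
            raise ValueError(f"unexpected auth_value layout in block for {botnet}")
        c2s.append(RedLineC2(family, botnet, host, port_num, auth))
        i += 6
    return c2s


def suricata_rules(c2s: list, base_sid: int = 9000001) -> list:
    """One outbound-connection rule per C2; the botnet name goes into msg so an
    alert tells the analyst which build phoned home."""
    return [
        f"alert tcp $HOME_NET any -> {c.host} {c.port} "
        f'(msg:"{c.family} stealer C2 ({c.botnet})"; flow:to_server,established; '
        f"sid:{base_sid + n}; rev:1;)"
        for n, c in enumerate(c2s)
    ]


def hash_matches(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Compare a file's digests with the report. All algorithms must agree;
    a match on one algorithm only is a transcription error or a crafted
    collision, not an identification."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


if __name__ == "__main__":
    c2s = parse_config(CONFIG_TEXT)
    for rule in suricata_rules(c2s):
        print(rule)
    print(hash_matches(b"not the sample"))  # every entry False
```

Run it as-is to print the two rules; to check a suspect file, call `hash_matches(open(path, "rb").read())` and require every entry to be True before treating it as this sample. Both C2s sit in 193.233.20.0/24 on TCP 4125, so a broader hunt on that subnet and port in proxy or NetFlow data is a reasonable follow-up to the exact-match rules.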
Targets
Target: f5de4e2cc351fa3dc15ef8ddf2c0e5e3a29b4ab806fa09fc1def103c7ab97677 (size, MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system (looks up Uninstall key entries in the registry to enumerate software on the system)
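The "Adds Run key to start application" signature is the one a responder can confirm on a live host. The script below is an added example, not part of the sandbox report: it ranks lines captured with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` (and the HKLM equivalent) by whether the launched executable lives somewhere an unprivileged user can write, which is where a dropper without admin rights has to put its payload. The registry dump inside the script is constructed; the report does not disclose which value name or path this sample registered, so the "Updater" entry is an illustration of the pattern, not the sample's actual artefact.

```python
"""Rank Run-key autoruns by where their executable lives.

Added example; not from the sandbox report. Input is the text output of
`reg query <Run key>` on Windows; the sample dump below is constructed.
"""
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output: a system entry, a legitimate per-user
# application, and an entry of the kind a stealer dropper leaves behind.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_SZ    C:\Windows\System32\SecurityHealthSystray.exe
    OneDrive    REG_SZ    "C:\Users\victim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater    REG_EXPAND_SZ    C:\Users\victim\AppData\Roaming\Updater\svchost.exe
"""

# Directories an unprivileged user can write to. Most specific fragment first
# so the reason text names the tightest match.
USER_WRITABLE = (
    r"\appdata\local\temp",
    r"\appdata\roaming",
    r"\appdata\local",
    r"c:\users\public",
    r"c:\programdata",
)
# Binary names that only belong under C:\Windows; a copy elsewhere is masquerading.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe",
                       "csrss.exe", "winlogon.exe", "dllhost.exe"}

VALUE_LINE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)"?', re.IGNORECASE)


def extract_exe(data: str):
    """Return the .exe path from a Run value's data, handling quoted paths
    with arguments; None when the data does not start with an .exe path."""
    m = EXE_PATH.match(data.strip())
    return m.group("path") if m else None


def triage_run_keys(reg_output: str) -> list:
    """Return one finding per suspicious value (name, executable, reasons).
    Values that raise no reason are omitted; key-path lines are skipped."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        exe = extract_exe(m.group("data"))
        if exe is None:
            continue  # e.g. rundll32 with a DLL argument: needs its own handling
        low = exe.lower()
        reasons = []
        for frag in USER_WRITABLE:
            if frag in low:
                reasons.append(f"executable under user-writable path ({frag})")
                break
        base = PureWindowsPath(exe).name.lower()
        if base in SYSTEM_BINARY_NAMES and "\\windows\\" not in low:
            reasons.append(f"system binary name {base} outside the Windows directory")
        if reasons:
            findings.append({"value": m.group("name"), "exe": exe, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_keys(SAMPLE_REG_QUERY):
        print(f["value"], "->", f["exe"])
        for r in f["reasons"]:
            print("   ", r)
```

On the constructed dump, OneDrive is flagged alongside the Updater entry: per-user installers legitimately live under AppData, so the output is a ranking for a responder to work through, not a verdict. Corroborate a flagged entry with the binary's signer, its hashes (for this sample, the digests in the General section) and how many hosts in the estate carry the same value.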